---
url: "https://xcademia.com/courses/critical-infrastructure-defence-healthcare-and-nhs"
title: "Critical Infrastructure Defence: Healthcare and NHS"
description: "Three-day cybersecurity training for NHS & healthcare professionals. Covers DSPT, NCSC CAF, medical device security, and ransomware incident response."
publishedAt: "2026-04-13T11:25:53.532415+00:00"
updatedAt: "2026-04-16T10:49:45.321701+00:00"
type: course
code: "CYB-0166"
level: Practitioner
duration_days: "3"
track: "Cyber Warfare & Advanced Threat Defence"
category: "Cybersecurity & Ethical Hacking"
credential_tier: tier1
price_gbp: "3494"
---

# Critical Infrastructure Defence: Healthcare and NHS

> A practitioner programme for NHS and healthcare security professionals covering nation-state targeting, medical device vulnerabilities, DSPT and NCSC CAF alignment, and clinical incident response. Develop the skills to protect DICOM, PACS, and medical IoT systems, segment clinical networks effectively, and manage a ransomware incident in a live healthcare environment.

## Overview

Healthcare is explicitly targeted by nation-state actors including APT42, Charming Kitten, and IRGC-affiliated groups. Patient data, medical research, and the operational dependency of clinical services on connected technology make healthcare one of the most consequential targets in the critical infrastructure landscape. The WannaCry attack and the 2026 Stryker incident demonstrated that ransomware in healthcare directly affects patient safety, not just data confidentiality.

Over three mentor-led days, participants identify and mitigate the attack vectors most commonly used against healthcare, protect DICOM, PACS, and medical IoT systems against intrusion, apply DSPT and NCSC CAF to NHS environments, design clinical and administrative network segmentation, and develop incident response plans calibrated to clinical operational constraints.

The programme concludes with a tabletop exercise simulating a ransomware attack on a hospital network during active clinical operations, requiring participants to manage response, communicate with clinical leadership, and restore services under realistic time pressure. This course is aligned with NHS DSPT requirements, NCSC CAF for healthcare, and NHS cyber resilience standards.

## Prerequisites

- Professional experience in NHS IT, healthcare security, clinical informatics, or data protection.
- Basic understanding of network security concepts including segmentation and access control.
- Familiarity with the NHS operational environment and the constraints of clinical workflow.

## What you will learn

- Identify and mitigate the attack vectors most commonly used against NHS and healthcare organisations.
- Apply DSPT requirements and NCSC CAF outcomes to NHS operational environments in practice.
- Protect DICOM, PACS, and medical IoT systems against nation-state and ransomware intrusion vectors.
- Design clinical and administrative network segmentation appropriate to a complex NHS environment.
- Design and test an incident response plan calibrated to the constraints of a live clinical environment.
- Communicate cyber risk and incident status effectively to clinical, executive, and regulatory audiences.
- Design a staff awareness programme that functions within NHS clinical workflow and shift constraints.

## Skills you will gain

- DSPT gap assessment and implementation
- NCSC CAF healthcare mapping
- Medical device security assessment
- DICOM and PACS vulnerability analysis
- Clinical network segmentation design
- Healthcare incident response planning
- Medical IoT asset management
- NHS ransomware tabletop facilitation
- Clinical staff awareness programme design
- Healthcare regulatory notification production

## Career progression

- NHS Security Lead
- Healthcare CISO
- Clinical Informatics Specialist
- Data Protection Officer
- Medical IT Manager
- Healthcare Risk Manager

## Curriculum

1. **Module 1: Getting Ready**
   - Pre-reading: NHS DSPT overview and NCSC CAF for healthcare organisations
   - Introduction to healthcare-specific threat actor targeting patterns and clinical context
   - Accessing course resources, clinical network scenario materials, and collaboration workspace
   - Course objectives, healthcare security knowledge baseline assessment, and pathway alignment
2. **Module 2: Healthcare as an Explicit Nation-State Target**
   - Why healthcare is specifically targeted: medical research, patient data, and operational leverage
   - APT42 and Charming Kitten: documented targeting of NHS and international healthcare systems
   - IRGC-affiliated groups: current pre-positioning assessment in healthcare networks as of 2026
   - Ransomware groups with nation-state alignment targeting healthcare for direct financial revenue
   - 2025-2026 healthcare incident timeline: key attacks and emerging sector-specific threat patterns
3. **Module 3: Medical Device Security**
   - Ventilators, infusion pumps, and imaging systems: attack surface, default credentials, and exploitation vectors
   - Medical device network discovery without disrupting clinical workflows or patient safety
   - Vulnerability disclosure in healthcare: why coordinated disclosure is operationally complex
   - Lifecycle security for medical devices: security requirements from procurement through decommission
   - OEM and manufacturer communication processes for vulnerability management in clinical environments
4. **Module 4: DICOM, PACS, and Imaging System Security**
   - DICOM protocol vulnerabilities and patient data exfiltration risks from imaging infrastructure
   - PACS network exposure: common misconfigurations that expose imaging systems to the corporate network
   - Malicious DICOM files as an attack vector: parsing vulnerabilities and malware delivery via imaging
   - Segmenting imaging networks from clinical and administrative environments without clinical disruption
   - Monitoring PACS and imaging system access logs for anomalous behaviour patterns
5. **Module 5: Ransomware Impact: Case Studies and Analysis**
   - WannaCry and the NHS: full timeline, clinical impact, and lessons that remain relevant in 2026
   - 2026 Stryker attack: how medical device supply chain compromise affected patient safety outcomes
   - Charming Kitten credential harvesting against NHS staff at operational scale
   - Supply chain attacks via NHS IT service providers: third-party compromise reaching clinical networks
   - Quantifying patient safety risk from ransomware in live clinical operational environments
6. **Module 6: DSPT Alignment and NCSC CAF for NHS**
   - Data Security and Protection Toolkit requirements and current NHS assessment structure
   - NCSC CAF outcomes mapped specifically to NHS operational realities and resource constraints
   - Conducting a DSPT gap assessment: methodology, evidence requirements, and prioritisation approach
   - Aligning DSPT requirements with NCSC CAF for a unified, coherent NHS compliance programme
   - Regulatory reporting obligations for NHS cyber incidents: timelines, content, and notification channels
7. **Module 7: Clinical and Administrative Network Segmentation**
   - Designing segmentation between clinical, administrative, and medical device network zones
   - Zero trust principles applied to complex NHS network architecture with legacy system constraints
   - Medical IoT VLAN design: isolating connected clinical devices without disrupting clinical workflows
   - Remote access security for clinical systems in hybrid working and community care environments
   - Hands-on exercise: design segmentation for a simulated NHS network environment
8. **Module 8: Medical IoT Asset Management and Lifecycle Security**
   - Building and maintaining a medical IoT asset inventory in a complex NHS trust environment
   - Firmware update management for clinical devices with strict availability and safety constraints
   - Network access control for medical IoT without disrupting patient care workflows
   - Vendor and manufacturer communication processes for ongoing vulnerability management
   - Decommission security for medical devices: data sanitisation and safe disposal requirements
9. **Module 9: Incident Response in Clinical Environments**
   - Why standard IT incident response fails in a live clinical operational setting
   - Business continuity for patient-facing clinical services when systems are taken offline
   - Communicating a cyber incident clearly to clinical staff, department leads, and executive leadership
   - Coordinating with NCSC, NHS England, and sector regulators during an active healthcare incident
   - Evidence preservation in healthcare: forensic collection without compromising patient safety
10. **Module 10: Staff Awareness Design for Clinical Teams**
   - Why standard cybersecurity awareness training consistently fails for frontline clinical staff
   - Designing awareness programmes that integrate into clinical workflow constraints and shift patterns
   - Phishing simulation design appropriate for healthcare environments and clinical staff responsibilities
   - Social engineering targeting clinical staff: case studies, manipulation tactics, and defence design
   - Measuring awareness programme effectiveness and reporting outcomes to NHS board and executive teams
11. **Module 11: Capstone: Hospital Ransomware Tabletop Exercise**
   - Tabletop exercise: ransomware attack on a hospital network during active surgical and clinical operations
   - Participants manage the response: triage, isolation decisions, and clinical continuity under pressure
   - Communicate the incident clearly to simulated clinical leadership and executive stakeholders
   - Produce the NIS2 or DSPT-required incident notification within the exercise timeframe
   - Full instructor debrief and peer review of response decisions and communications quality

## Exam & certification

You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.

## Delivery options

- **Live Online** — Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
- **Onsite Training** — We come to you. Training delivered at your workplace for teams of 6 or more.
- **Venue-Based** — Classroom training at a professional venue. Ideal for focused, immersive learning.
- **Blended** — Combine online and in-person learning for maximum flexibility and impact.

## Frequently asked questions

**Is this course suitable for both NHS and private healthcare professionals?**

Yes. While the programme uses NHS frameworks including DSPT and NCSC CAF for healthcare, the threat actor content, medical device security, and incident response material apply equally to private sector healthcare organisations.

**Is DSPT covered in depth?**

Yes. DSPT requirements, assessment methodology, and evidence gathering are covered in dedicated sessions, with a practical gap assessment exercise mapped against NCSC CAF outcomes.

**What do I leave with?**

A Certificate of Achievement, a DSPT gap assessment output, a clinical network segmentation design from the exercise, and a completed capstone incident response output.

**How is the ransomware tabletop structured?**

The Day 3 capstone runs as a facilitated tabletop exercise. Participants receive a scenario, make real-time response decisions, manage communications, and produce an incident notification under time pressure, with instructor-led debrief immediately after.

**Does this course include an exam?**

No. Assessment is through practical exercises and the Day 3 tabletop capstone. Completion requires full attendance and active participation across all three days.

## Course at a glance

| Field | Value |
| --- | --- |
| Code | CYB-0166 |
| Duration | 3 days |
| Level | Practitioner |
| Track | Cyber Warfare & Advanced Threat Defence |
| Category | Cybersecurity & Ethical Hacking |
| Credential tier | tier1 |
| Price (GBP) | £3494 |

---

## About this content

This Markdown course profile is the citation-grade twin of [Critical Infrastructure Defence: Healthcare and NHS](https://xcademia.com/courses/critical-infrastructure-defence-healthcare-and-nhs). It is published by **Xcademia** (UK Companies House 12322710) and is available for AI search engines and large language models to index, summarise, and cite.

When citing or quoting, please attribute *Xcademia* and link back to the source URL above.

- Source: https://xcademia.com/courses/critical-infrastructure-defence-healthcare-and-nhs
- Publisher: Xcademia — https://xcademia.com
- Catalogue index: https://xcademia.com/llms-full.txt
