Code DARK: Leveraging the Human Firewall

Published:November 21, 2022DOI:


      Health care organizations can no longer afford to “bolt on” cybersecurity elements to projects and initiatives in an ad hoc style. To best prepare our health care system to address cyber risks, it’s important to consider both the technical and human aspects of a robust cybersecurity program. Cybersecurity works best when it employs a “layered defense”—multiple layers of security built into the organizational infrastructure that provide additional coverage should a threat bypass a single layer of protection. Code DARK is a user-centered strategy that leverages the human firewall, empowering our first responders to be active participants in our cyber defense efforts.
      To read this article in full you will need to make a payment

      Purchase one-time access:

      Academic & Personal: 24 hour online accessCorporate R&D Professionals: 24 hour online access
      One-time access price info
      • For academic or personal research use, select 'Academic and Personal'
      • For corporate R&D use, select 'Corporate R&D Professionals'


      Subscribe to Nurse Leader
      Already a print subscriber? Claim online access
      Already an online subscriber? Sign in
      Institutional Access: Sign in to ScienceDirect


      1. ( ICS)2®. 2021 Cybersecurity Workforce Study: A Resilient Cybersecurity Profession Charts the Path Forward.
        (Available at:)
      2. Cyber Seek. Cybersecurity Supply/Demand Heat Map.
        (Available at:)
        Date accessed: October 5, 2022
        • The Joint Commission
        New Quick Safety Advisory on Building a Culture of Cybersecurity.
        (Available at:)
        • Cybersecurity & Infrastructure Security Agency (CISA)
        Security Tip (ST04-001): What Is Cybersecurity? 2019.
        (Available at:)
        Date accessed: September 9, 2022
        • Stack B.
        Here’s How Much Your Personal Information Is Selling for on the Dark Web.
        (Available at:)
        • HITRUST Alliance Inc
        Healthcare Sector Cybersecurity Framework Implementation Guide.
        (Available at:)
        • National Institute of Standards and Technology (NIST)
        Framework for Improving Critical Infrastructure Cybersecurity. Version 1.1. 2018.
        (Available at:)
        • Riggi J.
        Ransomware Attacks on Hospitals Have Changed.
        (Available at:)
      3. Sophos. The State of Ransomware in Healthcare 2022.
        (Available at:)
        • Brumfield C.
        SEC Filings show hidden ransomware costs and losses.
        (Available at:)
        • Kim L.
        Cybersecurity awareness: protecting data and patients.
        Nurs Manage. 2017; 48: 16-19


      Simmy King, DNP, MS, MBA, RN-BC, NE-BC, CHSE, FAAN, is chief nursing informatics and education officer,


      Andrea Kraus, CCAP, is manager, Cybersecurity Awareness, Training & Exercise, at Children’s National Hospital in Washington DC. Dr. King can be reached at [email protected] .