A hospital has access to very sensitive health data. The Hospital Information System (HIS) records, processes and passes on patient files which should by no means fall into the wrong hands. Ensuring cyber security, however, becomes more and more complex because of digitization in the healthcare sector, e.g. in form of electronic patient files. All employees who use the Hospital Information System, therefore, must be sensitized and trained for reacting to possible attacks.