Healthcare employees are the backbone of daily operations. When interacting with patients and handling ePHI, your employees can make or break your cybersecurity strategy. This is why cybersecurity awareness training and education should be on your priority list. But security awareness training isn’t necessarily a one-size-fits-all approach.

Currently four main generations comprise the majority of the U.S. workforce:

  • Baby boomers (born 1946-1964)
  • Generation X (born 1965-1980)
  • Millennials (born 1981-1996)
  • Generation Z (born 1997-2012)

While these generations work side-by-side, they may all learn differently. And that means for maximum effectiveness, your healthcare organization should consider tailoring your cybersecurity training programs for each generation.

Tips on Educating Security Risks and Protocols for Each Generation

Baby Boomers

Within your healthcare organization, baby boomers have likely been around the longest. These employees value job security and often stay with the same employer for decades. They have deep knowledge of the industry and have plenty of expertise to offer. Some best practices for teaching baby boomers about security risks and protocols include:

  • Bringing in an Expert: Baby boomers likely have a base knowledge of your cybersecurity protocol, and an industry expert can take this a step further. This generation respects knowledge and experience, so they’ll likely be receptive to a cybersecurity specialist.
  • Focusing on Collaboration: Boomers are highly collaborative and value face-to-face communication. They’ll likely thrive in group training sessions, working with each other to understand security concepts.
  • Providing Follow Up: While baby boomers have a grasp on workplace technology, they may require extra support when putting new technological concepts into practice. Following up with their training and being available for questions can be helpful.

In general, baby boomers are optimistic and adapt well. They can easily adapt to cybersecurity best practices with the right educational opportunities and tools.

Generation X

Generation X has also been on the job for several decades. These employees are highly independent and tend to be skeptical. They’re also hardworking and generally comfortable with technology. To help them succeed in their cybersecurity training, you can:

  • Provide Resources: These independent employees tend to learn well on their own. Consider providing resources like written instructions and online videos that they can review on their own time. Tools like these will be helpful even if you’re providing in-person training.
  • Show Examples: Your Generation X employees will want to understand why a certain security protocol is in place. Walk them through real-world examples to show how cyber threats can play out.
  • Emphasize the Benefits: These self-reliant employees will likely want to know why they’re attending cybersecurity training. Emphasize their personal role in protecting ePHI.

This generation is skilled at independent learning and can be great mentors for other employees. Small group training may also be a useful resource to help Generation X learn and implement cybersecurity measures.


The largest generation in the U.S. workplace, millennials are innovative, results-driven, and mission-focused. The millennials in your healthcare organization will benefit from knowing how your cybersecurity program helps patients. Some steps you can take to make cybersecurity awareness training work for millennials include:

  • Emphasizing Career Development: Millennials are independent and want to grow quickly within their careers. Frame cybersecurity awareness training as a way to boost their industry knowledge and advance their job prospects.
  • Taking a Values-Based Approach: This generation typically wants to work for organizations with clear values. So, be sure to show how your cybersecurity protocol benefits the organization, as well as your patients and employees.
  • Working with their Schedules: Flexibility is a high priority for the millennial workforce. Offering training sessions at several times, as well as remote training, will make these educational opportunities more appealing to employees.

Millennials are so-called “digital natives,” so you can expect these employees to understand topics like encryption, IoT security, and email security. Just be sure to offer follow-up training opportunities, so they can grow their knowledge base.

Generation Z

The youngest employees in your organization are likely Generation Z. While this generation is fairly new to the workforce, they’re eager to learn. These employees are highly tech-savvy and value flexibility, much like their millennial coworkers. To help Generation Z learn cybersecurity best practices:

  • Use Multimedia: Generation Z grew up with technology, and multimedia played a significant role in their education. Using video, interactive platforms, and mobile apps for cybersecurity training is a great option when working with this generation. And they can help their older coworkers adapt to these methods.
  • Leave Room for Innovation: Remember that your Generation Z employees are the healthcare managers and cybersecurity professionals of the future. While they’re new in their jobs, they may have ideas to streamline your cybersecurity training or even overall protocol.
  • Get Technical: Generation Z has a foundational knowledge of technology, so don’t hesitate to get technical more quickly with these employees. This is especially true on a one-on-one basis.

While Generation Z is new to the workplace, they are often able to pick up concepts quickly and build upon ideas to strengthen the organization. This ability will be helpful to your organization’s overall security strategy in the future.

Cross-Generational Training for Cybersecurity

Remember: While each generation has distinct characteristics, these qualities don’t define them. Healthcare organizations can use cross-generational training to educate employees on security best practices. To implement this education, organizations can:

  • Offer in-person and virtual cybersecurity courses to meet varying employee needs
  • Provide flexible training options to accommodate different schedules
  • Create space for collaboration and peer mentorship
  • Offer one-on-one training to boost employee knowledge
  • Follow up with all employees to ensure implementation
  • Collect employee feedback to improve training programs

Employee education is an essential part of every organization’s cybersecurity strategy. By engaging each generation equally, your healthcare organization will help every employee follow security protocol on a daily basis.

For more insights about developing a strong culture of cybersecurity within your healthcare organization, check out our on-demand webinar, The Art & Science Behind a Strong Cybersecurity Culture.