From my perspective as a user without much technical knowledge, the human may be the weakest point to attack. The password is one vulnerability that can be used to attack the system. Some users may use the same username and password, or a password that is easy to guess. A dictionary attack is one way that an attacker can access the system. So, training for intradepartmental staff and a password policy are essential to prevent this attack.
Phishing is another attack, in which the attacker creates convincing emails asking potential victims to click a link to update their account information. The attacker receives the private data and can access the system. Thus, cybersecurity awareness training is helpful. Fortunately, the devices related to the health information system in my workplace cannot access the internet, which may be another way to prevent this attack.