Cubersecurity Seminars: an interview with Francesca Sanna
In the healthcare sector, technological transformation has expanded treatment options, but also increased the scope of risk. According to the latest Clusit Report, in 2025 cyberattacks against healthcare facilities exceeded 1,000 cases globally, representing a 30% increase compared to the previous year. Increasingly, these are high-severity attacks, designed to maximise operational, financial and reputational impact.
In this scenario, cybersecurity is no longer a technical issue, but an organisational and managerial responsibility: it concerns service continuity, the protection of sensitive data and, in the case of healthcare, the safety of patients themselves.
To tackle this challenge, new skills are needed, but above all a widespread culture of security. With this aim in mind, Cybersecurity Seminars was launched, a programme promoted by the University of Milan in collaboration with the Fondazione Mondo Digitale ETS, with the support of Google.org and Virtual Routes. The programme combines training with practical application: students and professionals put the skills they have acquired at the service of organisations, associations and businesses through approximately 40 hours of field experience.
It is within this context that the experience of Francesca Sanna comes into play; a healthcare manager who has chosen to bring a culture of cybersecurity to her organisation, transforming training into a concrete tool for prevention.
Francesca’s story
Originally from Sardinia but a resident of Tuscany for over twenty years. With a background in nursing and an academic career combining psychology and management, Francesca holds a degree in psychological sciences and techniques and a master’s degree in organisational and institutional psychology. Today she holds the role of Area Manager in a private healthcare company. It is precisely this multidisciplinary perspective that led her to participate in the Cybersecurity Seminars programme with the aim of raising awareness of digital risks within her organisation (CerbaHealthCare), promoting among colleagues and staff a culture of security that is increasingly necessary even in the healthcare sector.
In the interview conducted by Alberta Testa, Francesca explains how cybersecurity can become a practical tool for improving data management and preventing risks that are becoming increasingly widespread, even in the healthcare sector.
Francesca, you have a very varied professional background. Can you tell us what you do and how you came to work in cybersecurity?
I have a degree in nursing and worked as a coordinator for years. After Covid, I took a ‘quantum leap’ by becoming a specialist in remote diagnostic systems that communicate with hospitals’ central servers. Today, I am an Area Manager at a private healthcare company with four clinics in Tuscany, over 20 blood collection points and two analysis laboratories. I’ve always been familiar with IT and, as my husband works in national cyber security, it’s a topic we discuss daily at home too.
Why did you decide to enrol in the Cybersecurity Seminars despite already holding a managerial position?
I believe training is essential, first and foremost for those running the company and then, by extension, for the employees.
The best training comes from those who truly care about the company. I had seen the example of one of our major competitors being literally brought to its knees by a cyber incident and I wanted to prevent the same thing from happening to my organisation. I preferred to take a highly specialised course so as not to talk to my employees about things I didn’t fully understand myself.
How did the practical training session you ran go?
It went very well. I spent 40 hours training the staff, using PowerPoint presentations but speaking largely off the cuff. I organised targeted group sessions, for example for reception or admin staff, as well as one-to-one meetings for those with specific questions about their role. As a healthcare organisation, cyber incidents are unfortunately a daily occurrence, and the staff were very proactive and inquisitive.
What were the main topics and risks you focused on?
We focused heavily on phishing, on how to distinguish a malicious email from a genuine company email, and on privacy-related risks. We analysed real-life scenarios: for example, how to avoid the mistake of printing a medical report using another patient’s credentials, or how to handle suspicious messages on company phones that appear to come from within the organisation. In one instance, I even had to correct a misguided suggestion from the internal IT department, which had advised replying to a phishing email; I explained to them that the email should simply be deleted and reported, never opened.
Do you think your colleagues’ perception of risk has changed following this programme?
Yes, I believe they are fully aware of the risk now. I warned them of the real dangers: when a company is shut down, it is the employees who are the first to suffer. On a personal level, the course helped me a great deal, especially with regard to the regulatory aspects I was unaware of. I felt comfortable combining the healthcare and IT aspects because, in modern healthcare, they are now one and the same: patient management is almost entirely computerised.
CYBERSECURITY SEMINARS IN BRIEF
Challenge. Digital transformation exposes organisations and communities to increasingly complex cyber risks, whilst the need for professionals capable of protecting data, systems and infrastructure is growing.
Project. Cybersecurity Seminars, coordinated by the University of Milan in collaboration with FMD, trains university students through specialist seminars, hackathons and practical cybersecurity activities. The programme is implemented with the support of Google.org in collaboration with Virtual Routes
Service learning. Students apply the skills they have acquired by supporting local community organisations – third sector bodies, schools, small and medium-sized enterprises and local authorities – in risk analysis and the protection of digital systems.
Objective. To develop advanced cybersecurity skills whilst strengthening the digital security of communities and regions.
