How to design cyber security for a hospital