On 18 February 2022, Pasquale Mari, Deputy Coordinator of PANACEA, was interviewed by RAI Radio 3 Mondo, the Italian national broadcaster, on the crippling effects of a cyber-attack on healthcare organisations, bringing down IT systems and severely affecting business continuity.
The backdrop to the interview is the ransomware attack on the Irish national health service, the Health Service Executive (HSE), in May 2021 with after-effects still on-going in significant efforts to restore patient care after the Irish government refused to bow to criminal extortion.
The attack was perpetrated by the Conti cyber gang in what are highly profitable cybercrimes that have targeted healthcare organisations over the past 12 months, in Germany, Ireland, Italy, New Zealand and the USA, severely affecting patient care. Early signs of the attack on the HSE occurred in March 2021, when a phishing attack took place sparking an email attachment to infiltrate the healthcare provider’s IT system. Two months later the attack escalated as the cyber gang penetrated deep inside the system, bringing down services in 54 hospitals with over 4,000 workstations and servers.
Having highlighted the impacts on business continuity, Pasquale Mari goes on to outline the solutions developed and tested by PANACEA in the HSE, the Gemelli University Hospital in Italy and hospitals in Crete, with a deep dive on the HSE attack in terms of how this EU-funded project could have helped avoid or mitigate impacts.
Spanning technical, human and organisational aspects, PANACEA offers an integrated solution to cybersecurity in healthcare. Technical solutions include, among others, biometrics-based authentication of hospital staff accessing sensitive equipment and data along with software used to detect vulnerabilities in a hospital’s network. On the human side, the PANACEA solution comprises a package of short video clips with cartoons and audio prompts conveying universally-understood insights into insecure human behaviours that happen on a daily basis, from leaving USB sticks lying around to sharing credentials or not logging out of workstations. This is just one example of how PANACEA is raising awareness of the very real risks caused by human behaviours as a critical measure that healthcare organisations should include in their cybersecurity strategies and budget plans.
The interview is available here (17 mins 20 seconds): https://www.raiplaysound.it/audio/2022/02/Radio3-Mondo-del-18022022-ddf4510a-32ec-4c24-8bf8-0b4a3033c0d0.html