The EU Directive on the security of network and information systems (NIS Directive) is a legislative measure aimed at prioritising cybersecurity across the European Member States. The Directive defines healthcare organisations as operators of essential services (OES), setting out specific legal and technical requirements for implementation. As critical infrastructures, hospitals and other healthcare organisations need to ensure their IT systems are secure and resilient against cyber-attacks and incidents as they can have severe impacts on patient care.
This is where PANACEA Research comes into play as a human-centric, holistic approach to cybersecurity for healthcare, combining new technologies, people, processes, governance and organisational tools to manage cyber risks. We share here the drivers for partners from healthcare organisations, IT-savvy SMEs and research institutes. They are just some of the organisations working together to ensure best practices in terms of human behaviour for being part of the PANACEA Research H2020 projects.
We had the chance to talk about the importance of security in healthcare organisations with some of our partners.
Prof. Daniele Gui, from the Emergency Surgery department at the Fondazione Policlinico Gemelli (FPG) hospital in Rome -Italy, thinks that the PANACEA project could help increase the hospital’s resilience and create a culture of security, not just among staff members, but also patients, who need the very best possible healthcare all the time.
When it comes to creating a culture of security, we cannot ignore that this goes hand in hand with awareness, above all in a very complex ecosystem such as a hospital. As Sabina Magalini, Researcher at the Università Cattolica del Sacro Cuore reminds us, all the people, whether they have technical skills or not, are constantly connected through different devices. This is true today more than ever, with the Covid-19 emergency the world is facing, and we cannot forget that every time people are connected, they are inevitably facing cyber vulnerability ; for this reason, another important objective of the PANACEA project is to increase risk awareness in healthcare facilities and communicating the right procedures to implement, in order to improve the security of data. Healthcare personnel is the real stakeholder of our commitment, and it has a fundamental role within our project.
We talked about resilience with Stelios Dimitrakopoulos, General Practitioner and Deputy Manager at the 7th Health Region of Crete, who also agrees that this is a driver to participate in the PANACEA Research project. The World Health Organisation has recognised the necessity to adopt digital interventions in order to strengthen health systems.
The 7th HRC was already delivering a number of e-health services when our project began in 2019, which increased exponentially during these trying times of the pandemic.
Liam Woods is the National Director of Acute Operations at Health Service Executive in Ireland: he shared with us insights about cyber-attacks in Ireland: PANACEA Research helps fighting this significant threat by assisting with its Toolkit addressing management and governance.
Moreover, as pointed out by Peter Daly from the Irish Centre for Emergency Management, the growing use of IT in healthcare also increases the risks of cyber-attacks, as we have seen with the Covid-19 pandemic. For this reason it is crucial that healthcare and emergency management centres improve their knowledge of vulnerabilities in the IT systems and medical devices.
Matteo Merialdo, Manager of Security Research and Development Projects at RHEA group, points out how healthcare is one of the sectors where cybersecurity is a crucial discipline. Again, a driver for the participation in the PANACEA project is that it will provide tools and innovative solutions to mitigate the risk of cyberattacks & improve awareness.
Finally, we have talked with Dr Dawn Branley-Bell, Chartered Psychologist & Research Associate at Northumbria University (UNAN), which is involved in the PANACEA Research project especially with the investigation of the human behavioural aspects of cybersecurity and behaviour chance, or deviance with respect to a security norm.