ECSO is the European Cyber Security Organisation, which represents the industry-led contractual counterpart to the European Commission for the implementation of cyber security public-private partnership.
Published in March 2018, this report focuses on the trends and consequences of an increasing cyber threat surface in the healthcare sector with a view to ensuring that healthcare services and organisations continue to provide resilient and secure health services. It therefore analyses the cyber security landscape of the healthcare sector; identifies all actors involved in the healthcare sector that are impacted in some way; defines the specific characteristics of healthcare and their influence on the cyber security challenges and solutions; and summarises key aspects of the cyber security market within the healthcare sector, such as its size and expected evolution in the upcoming years.
Here we focus on the specific characteristics of healthcare and related cybersecurity challenges and prerequisites, especially in view of the increasing digitisation of healthcare delivery.
- Digital Healthcare needs to be resilient against an expanding and evolving cyber-attack landscape by preventing data leakage and loss of patient data and identity theft. The same applies to more traditional health care devices and equipment of the hospital.
- Real-time security and dependability monitoring is a much needed feature. A significant advancement in current technologies must be achieved soon, since it is a fundamental prerequisite to the real uptake of information technology and connected devices in healthcare.
- The human factor is one of the major security threats in digital health. It is key that personnel be made aware of the basic cyber security threats they are exposed to. This entails improving the skills – both technical and behavioural – of the personnel via innovative training techniques that are well received by the (non-IT-expert) workforce. The awareness level in cyber security aspects for all levels of healthcare personnel, e.g., nurses, technicians, administrative personnel and doctors, is an important aspect. The user is most often the weakest link when it comes to cyber-attacks and vulnerabilities.
- System availability and business continuity is the key component for providing seamless digital healthcare services, guaranteeing access to critical health information by authorised professionals as well as secure access control by end-users. The entire healthcare service needs both security mechanisms and the means to automatically recover from a cyber-attack in the shortest time possible.
- Data security and integrity is another important challenge, in particular in relation to data storage, network elements (e.g. an access router to a site hosting the digital health application for exchanging health data) and Identity and Access Management (IAM) systems.
- Security and privacy by design in the evolution of hospital services are both critical elements.
- Cybersecurity aspects need to be planned and implemented before new devices or systems are put into use, that is, through tailored procurement, outsourcing and maintenance phases and processes.
- The emerging patient ecosystem calls for greater attention to cybersecurity and privacy aspects, taking on board the evolutions of mobile services, the better penetration of information technology to patients and the increased impact of mobile wellness solutions.
PANACEA Research perspectives: PANACEA is engaged in research and innovation for a human-centric approach to cybersecurity in healthcare, including security-by-design frameworks and novel training and educational services, including a tool for triggering secure behaviour. It is also conducting an extensive market analysis, covering the state of the art and the supply side.
Lookout Watch entry date: 07/05/2019