In December 2015, ENISA, the European Agency for Cyber Security, published its study on the approaches and measures that Member States take to protect critical healthcare systems with the goal to improve healthcare and patient safety.
The report covers:
- The policy context in Europe and the legislation of the Member States.
- The perception of the Member States on critical assets in digital health infrastructures.
- The most important security challenges.
- The most common security requirements.
- Good practices that have been implemented by Member States for digital health security.
Based on the main findings, its recommendations are:
- Recommendation 1: Member States should conduct an asset identification and a risk assessment activity to classify their critical eHealth infrastructures and services and develop a national catalogue.
- Recommendation 2: Member States should introduce clear cyber security guidelines for the protection of their critical eHealth infrastructures and services.
- Recommendation 3: Member States and healthcare organisationsshould perform an impact/cost benefit analysis of healthcare cyber security incidents and to use this as leverage for increasing investment on eHealth systems and infrastructures security.
- Recommendation 4: Member States should develop incident response mechanisms to efficiently bring together the healthcare organisations with the national cyber security competent centres.
- Recommendation 5: Member States and healthcare organisations should setup an information sharing mechanism to start exchanging knowledge and lessons learnt on cyber security issues i.e. how they mitigate incidents, which are the security measures they take etc.
- Recommendation 6: European Commission should encourage the development of baseline security measures for eHealth critical infrastructures and services. This should be done in coordination with the competent centres and the healthcare organisations operating the critical infrastructures.
- Recommendation 7: Member States need to implement widely accepted security standards to achieve interoperability.
- Recommendation 8: Member States should invest in raising awareness of the citizens and healthcare organisations in providing cyber security training to personnel and users.
- Recommendation 9: Member States policy makers should make sure that eHealth should align with the national CIIP strategy and with the National Cyber Security Strategy (NCSS).
PANACEA Research perspectives: This early ENISA study and its recommendations was a starting point for defining the research and innovation priorities for PANACEA in the context of Europe's Horizon 2020 programme. As such, PANACEA continues to investigate further work that ENISA is doing on cybersecurity in relation to EU policy measures and healthcare as a critical infrastructure.
Lookout Watch entry date: 07/08/2019