by Dr Christos Ntanos*
The healthcare sector has undergone a digital transformation in recent years, leveraging advanced technologies like artificial intelligence, high-performance computing, and the Internet of Things. While these developments have led to improved patient care and more efficient healthcare delivery, they have also exposed the sector to increased cyber risks. Sensitive patient data and critical infrastructures have become prime targets for cybercriminals, making it imperative for healthcare organizations to strengthen their cyber resilience.
In the context of the MES-CoBraD project, which I have the privilege of coordinating, our platform facilitates the secure sharing, analysis, and management of anonymized patient data. Although the platform was not directly affected by the recent cyberattack on Sant Pau Hospital in Catalonia, the incident underscores the urgent need for robust cybersecurity measures in the healthcare sector, especially in the interconnected systems such as eHDSI and the proposed European Health Data Space (EHDS).
Another notable example is the 2021 ransomware attack on the Irish Health Service Executive, which disrupted healthcare services and exposed sensitive patient data. These incidents emphasize the importance of addressing the cybersecurity challenges faced by interconnected medical systems, including those being developed within the EU.
Strategies for Ensuring Cyber Resilience in EU-Wide Interconnected Medical Systems
Drawing from the lessons learned in the SPHINX project, which aimed to develop a universal cybersecurity toolkit for the healthcare industry, several strategies can be applied to ensure the cyber resilience of EU-wide interconnected medical systems:
- Embrace holistic cybersecurity measures: Healthcare organizations must implement comprehensive cybersecurity frameworks that cover risk assessment, vulnerability management, incident response, and continuous monitoring. Such measures should extend across the entire organization, safeguarding network infrastructure, medical devices, and personnel.
- Prioritize security by design: Healthcare technologies must incorporate security best practices from the outset. Integrating security features at every stage of the technology lifecycle, from concept to deployment, can minimize vulnerabilities and prevent security breaches.
- Foster cybersecurity education and awareness: Continuous cybersecurity training should be provided to staff at all levels of healthcare organizations. By cultivating a culture of security awareness, organizations can reduce the likelihood of human errors that compromise systems.
- Collaborate and share information: Healthcare organizations should work together, sharing threat intelligence and best practices with each other and with relevant authorities, such as national cybersecurity agencies. This cooperative approach can help to identify and mitigate potential risks, enabling a more rapid and coordinated response to cyber threats.
- Establish cybersecurity certification and standards: The health sector should adopt consistent, sector-specific cybersecurity standards and certifications for products, devices, and services. This will help to ensure that healthcare organizations and their technology partners meet a minimum level of security compliance, fostering trust and confidence in the digital health ecosystem.
The digital transformation of the healthcare sector has brought immense benefits, but it has also introduced new challenges and risks. As EU-wide interconnected medical systems continue to develop, it is crucial for healthcare organizations to adopt comprehensive and proactive approaches to cybersecurity. By doing so, they can protect their critical infrastructures and sensitive patient data, maintaining trust in digital healthcare systems and enabling the continued advancement of health research, innovation, and policy-making.
* Dr Christos Ntanos is a Research Director of the Decision Support Systems Laboratory of NTUA and the Project Coordinator of the SPHINX and MES-CoBraD projects.