Cybersecurity in healthcare needs a deep re-evaluation: from fixes to digital resilience

Imagine a hospital paralyzed by ransomware, its critical medical devices rendered non-functional and sensitive patient data at risk. Unfortunately, this is a reality that many healthcare organizations have faced throughout Europe and the world.

As health systems undergo digital transformation, policymakers and healthcare leaders must confront an uncomfortable truth: cybersecurity is no longer just an IT issue. It is a basic part of patient care and organizational resilience.

The European Commission's Action Plan on the cybersecurity of hospitals and healthcare providers is a timely and welcome initiative, and it must be matched by urgent, bold and coordinated action throughout Europe.

This blog examines why healthcare is so attractive to cybercriminals and outlines five actions to reset how we approach security in this sector with a long-term vision. This comprehensive, forward-looking approach addresses healthcare's unique vulnerabilities while allowing organizations to build long-term resilience.

The health sector: a prime target for cybercriminals

In 2024, the medical sector became the industry most vulnerable to ransomware attacks, with cybercriminals exploiting vulnerabilities in outdated systems, fragmented IT environments and overloaded staff. The stakes are high: the average cost of a healthcare data breach is $9.77 million, higher than in any other sector. Worse still, beyond the balance-sheet damage, these attacks threaten patient safety, delay care and erode public confidence.

A ransomware attack does not only lock data; it can also endanger human lives. Cybersecurity must be considered as necessary for patient care as a sterile operating room.

The healthcare sector combines a perfect storm of vulnerabilities, making it a particularly attractive target for cyberattacks.

First, health organizations hold a treasure trove of sensitive data. Medical records are worth up to 50 times more than credit card numbers on the dark web because they cannot be canceled. They can be used to file fraudulent insurance claims, obtain prescription drugs or create complete profiles for identity theft.

Second, medical systems rely on a combination of modern and old technologies. While the latest devices and software allow faster and more accurate diagnoses, many hospitals still operate outdated IT systems. In 2019, 71% of medical devices were running on outdated or nearly end-of-life software. Even in 2022, 60% of French hospitals were still affected by outdated infrastructure, including systems that no longer receive security updates. This significantly expands the attack surface, often allows attackers to persist undetected and worsens the impact of breaches.

Third, the human factor cannot be ignored. Cybersecurity is not yet embedded in healthcare culture. Phishing remains the most common entry point for attacks, while weak passwords, shadow IT and lack of awareness are ubiquitous problems. In France, 70% of successful cyberattacks in healthcare are attributed to human error.

Finally, disparities within the sector deepen the vulnerability. Larger hospitals often have dedicated cybersecurity teams, tools and budgets, while smaller hospitals, clinics and general practitioners rely on limited resources, sometimes none at all. The result is an industry where systems are vulnerable, attackers are emboldened and the consequences of inaction are too serious to ignore.

Re-evaluating cybersecurity: five specific actions for policymakers and healthcare organizations

1. Consider outdated IT systems as a systemic risk

Outdated IT systems and equipment are not just an inefficiency; they are a ticking time bomb and a risk to the healthcare system.

Policymakers must incentivize health organizations to identify and mitigate the vulnerabilities associated with legacy systems. The cybersecurity maturity assessment for healthcare proposed by the European Commission is a step in the right direction, but it must be paired with actionable solutions.

For example, network segmentation can isolate vulnerable systems so that attacks cannot spread by lateral movement. Building on the cyber maturity assessment, the support center could create a “watch list” of key outdated devices and systems to be replaced as a priority throughout the EU. It should also estimate the replacement costs. Where mitigation is not possible, funding must be allocated to replace devices and software at the end of their life. Importantly, this funding should not stop at one-off purchases but must also cover maintenance and upgrades.

2. Reimagine IT spending models

Many hospitals operate under strict spending models that favor capital expenditure (CAPEX) over operating expenditure (OPEX). This runs contrary to the growing trend towards subscription-based models in the IT and cybersecurity industries.

Hospitals must have the flexibility to reallocate funds between CAPEX and OPEX without bureaucratic delays or approvals. Policymakers should work with national health authorities to revise budgetary rules so that medical organizations can adopt and maintain advanced cybersecurity solutions. Without this flexibility, even the best tools risk being underused or abandoned when operating budgets run out.

3

The greatest vulnerability of the health sector is not technology; it is people. Regular, sector-specific cybersecurity training must be mandated for all healthcare workers, from IT teams to front-line staff.

The training should not only cover basic cyber hygiene but also prepare employees to respond effectively during an attack. For example, teams should practice downtime procedures to ensure continuity of care even when systems are compromised. Policymakers must mandate this training at a regular cadence in regulations such as the NIS2 Directive, and provide resources to make the training easily accessible.

4. Support resource sharing and regional cooperation

Not every hospital can afford a specialized cybersecurity team, but cooperation can bridge the gap. Resource sharing and regional cooperation are scalable ways to do so. Member States should encourage hospitals to pool their IT and cybersecurity resources, as shown by the French “territorial hospital groups”.

These regional groups allow hospitals to share IT systems, issue common action plans and run collective cybersecurity exercises. Such cooperation can also help optimize costs, expand threat intelligence, and allow healthcare providers to learn from each other and stay ahead of emerging threats.

Policymakers should encourage these models throughout Europe and extend cooperation to laboratories, health insurers and research institutions to build a resilient healthcare ecosystem that protects patient data and ensures continuity of care.

5. Secure electronic health records (EHRs) as the highest priority

With the advent of the European Health Data Space (EHDS), EHRs will become central to the provision of healthcare and to research. However, this also makes them prime targets for cyberattacks.

Policymakers must ensure that EHR systems meet the strict cybersecurity requirements set out in the Cyber Resilience Act. This includes robust access controls, encryption and interoperability standards to ensure that EHRs can be securely exchanged across borders. Protecting EHRs will require not only technical solutions but also a comprehensive risk management strategy adapted to the medical sector.

Shared responsibility

Cybersecurity in healthcare is a shared responsibility that requires cooperation across the European Commission, Member State governments, health organizations and the private sector. Policymakers must create the regulatory frameworks and funding needed to enable action, while healthcare leaders must prioritize cybersecurity as a strategic imperative. The private sector also has a key role, from providing advanced cybersecurity solutions to closing the skills gap.

Policymakers and healthcare leaders must seize this moment to reconsider their approach to cybersecurity. By tackling vulnerabilities head-on, fostering cooperation and investing in long-term resilience, we can create a safe and prosperous healthcare ecosystem capable of protecting sensitive data and ensuring continuous care.
