The 1st session of the eHealth Security Conference stressed the need to apply stronger measures to secure the healthcare sector, in view of the Covid-19 pandemic. The next live session will reflect on the cybersecurity concerns for Covid-19 tracing mobile apps, which coincides with the launch of the EC gateway service for national contact tracing and warning apps for the prevention of Covid-19 spreading.
Together with the Danish Health Data Authority, the European Agency for Cybersecurity (ENISA) organises the eHealth Security Conference online Series on a monthly basis. The 1st edition focused on cybersecurity in healthcare during the COVID19 crisis. The event is available on the ENISA YouTube channel.
The next live session will present views and cybersecurity concerns about Covid-19 tracing mobile Apps on 23rd October 14:00-16:00 CET.
Key findings of the conference: Cybersecurity in healthcare in times of a pandemic
Preparedness through cooperation and trust to be further improved;
- Extra efforts to raise awareness on cybersecurity issues among healthcare professionals to be made;
- Privacy aspects in relation to eHealth security to be addressed;
- Explore security options provided by other technologies (such as cloud solutions).
The cybersecurity required in hospitals is not different from the cybersecurity required in other sectors. However, the essential difference here lays on the impact it may have on patients’ safety.
In addition to the needs highlighted by our participants, funding has been identified as a key element. It has become obvious that the cost of a cybersecurity incident may be significantly higher than the investment required to prepare against it. It was commonly agreed that hospitals will need extra national funding in order to reach the levels of cybersecurity required to operate securely.
Working together towards secure eHealth: participants contributions
Vibeke van der Sprong, Deputy Director General of the Danish Health Data Authority, introduced the measures applied in Denmark to enhance cooperation and support information sharing. Cyberattacks significantly increased over the last months. The necessity for employees to telework during the pandemic has been an aggravating factor. The authority worked closely with health professionals and launched a digital platform for information exchange. This platform was adjusted to meet the pandemic requirements, showing a flexible approach. An important point is to ensure how to best be prepared, through collaboration and trust, for the Danish healthcare system to quickly and adequately respond to the crisis.
Albert Haro, member of the Agencia de Ciberseguretat de Catalunya commented that the crisis shed a light on essential points to consider, such as:
- Preparedness to reduce the impact of incidents;
- Ensure flexibility by using cloud solutions;
- Consider the privacy aspects in the complex cybersecurity eHealth landscape;
- Promote awareness to healthcare professionals.
According to Sabina Magalini, from the Fondazione Policlinico Universitario A. Gemelli, the healthcare sector will never be the same after this crisis. Hospitals have avoided reporting cybersecurity incidents in fear of heavy sanctions. With the new era of remote working and life conditions, hospitals will be facing the development of teleworking and the increased need to resort to smart devices to operate. To support the cybersecurity challenges of these developments, the EU issues regulations specifically tailored to the health sector.
Martin Konir, from the Bulovka Hospital, reported that hospitals in the Czech Republic were the targets of heavy attacks during the first wave of the pandemic. However, thanks to the support of the National Authority, these attacks were neutralised. As a consequence of the media coverage of such events, the population is now aware of the issues and can understand the risks better. The situation has therefore created traction to implement stronger cybersecurity measures.
Join the 2nd online session of the eHealth Security Conference Series
The next live session will focus on cybersecurity for the Covid-19 tracing mobile applications and will introduce the EC toolbox. The session will take place on 23rd October 14:00-16:00 CET. The keynote speaker will be Christian D'Cunha from the European Commission, together with the designated panellists:
- Birgitte Drewes, from the Danish Patient Safety Authority;
- Dr. Dina C. Truxius, from the German Federal Office for Information Security (BSI);
- Ieva Ilves, digital policy and cybersecurity Advisor to the President of Latvia;
- Dirk Willem van Gulik, assisting the Dutch MoH with the “CoronaMelder”.
Press Contact
For questions related to the press and interviews, please contact press (at) enisa.europa.eu.