The European Union Agency for Cybersecurity (ENISA) says cyber attacks on the health sector have risen by almost 50%.
In 2020, ENISA received a total of 742 reports about cybersecurity incidents with a significant impact on critical infrastructure under the Directive on security of network and information systems (NIS Directive). The health sector saw an increase of 47% of such incidents in 2020 compared to the previous year.
Cybersecurity attacks on healthcare can threaten lives and affect the entire health supply chain with damaging consequences for all stakeholders concerned such as citizens, public authorities, regulators, professional associations, industries, small and medium enterprises.
The number of cyber threats over the years is now rising proportionally to the growing popularity of emerging technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), big data, cloud computing and the multiplicity of connected devices, among others.
It is the role of Computer Security Incident Response Teams (CSIRTs) to develop the capabilities needed to address such issues and implement the NIS Directive provisions.National CSIRTs are the entities in charge of incident response in the health sector. Although dedicated health sector CSIRTs are still the exception in the Member States, sector specific CSIRT cooperation is developing.
ENISA says there is a lack of security culture among Operators of Essential Services within the EU. Because the pace of updates quickly outruns the pace of IT technology evolution when healthcare equipment usually has a lifetime of 15 years on average, vulnerabilities tend to accumulate with the obsolescence of the IT layer through the lifecycle of hardware and digital devices. Another challenge the healthcare sector is faced with is the complexity of systems due to the increased number of connected devices leading to an extension of the potential attack surface.
The key force driving the development of incident response capabilities of CSIRTs is the information related to security requirements and responsibilities of organizations for each sector. Shared frameworks for incident classification and threat modelling, education activities and a network allowing communication between incident response actors constitute the main resources and tools currently supporting the development of incident response capabilities.
National health sectoral CSIRTs tend to provide services better suited to the sector. Because sectoral health CSIRTs remain scarce in an environment where specialized support is needed to develop incident response activities, ENISA recommends aiding the creation of health sector CISRTs by allowing easy access to funding, and promoting capacity building activities.
The health CSIRTs could then assist Operators of Essential Services to develop their incident response capabilities, ENISA says, by establishing sector-specific regulations, cooperation agreements, communication channels, and public-private partnerships.