ENISA issues key recommendations on protecting eHealth services and infrastructures
December 2015 by Marc Jacob
The potential impact of an outage in the information systems of a hospital can
be extreme. The loss of service or failure of a medical device due to remote
hacking (e.g. via brute-force and DoS attacks) can be significant. Such cyber
security incidents have greatly impacted health services delivery, risking the
life and limb of patients and exposing institutions and health care systems to
reputation risk. Healthcare is moving up on the policy agenda and it is often
treated by the EU Member States as a critical infrastructure. ENISA has engaged
more than fifteen Member States and two EFTA countries in a study to identify
the measures policy makers and the private sector should take to improve the
security and resilience of eHealth systems. This study focuses on three broadly
used, real cases, namely Electronic Health Records, national eHealth services
(for example ePrescription) and Cloud Services supporting eHealth systems.
The Executive Director of ENISA, Udo Helmbrecht, commented on this report: "The
complexity and interdependencies of eHealth systems have been steadily
increasing. Ensuring the availability, integrity and confidentiality in eHealth
is a challenging task for providers and beneficiaries. ENISA seeks to co-operate
with all stakeholders to enhance the security and privacy of all eHealth
infrastructures and services."
The report recommends, inter alia, that:
· National cyber security authorities should identify critical eHealth assets
and carry out risk assessments with a view to mitigating risks
· Policy makers should introduce baseline cyber security guidelines for
eHealth infrastructures and services
· eHealth operators, along with public sector actors, should set up an
information sharing mechanism to exchange good practices and expertise on
threats and vulnerabilities.
These findings were validated by numerous experts from the public and private
sectors in an open workshop organised together with the European Commission on
30th of October 2015.
New technologies, such as cloud computing, smart devices and the Internet of
Things, already provide the innovation drive eHealth needs. As cyber security
challenges grow alongside services in 2016, ENISA will focus on the adoption of
Cloud computing by healthcare providers and carry out an analysis regarding