Versão em Português (clique aqui)
Threats in the Health Sector
According to the "ENISA Threat LANDSCAPE: HEALTH SECTOR" report, the health sector has traditionally been plagued by data breaches, due to the value of the data the sector manages and also due to the maturity of the legal framework that allows for more thorough reporting of data breaches. Between 2021 and 2023, data breaches were a key part of the landscape, often linked to other threats. It's important to highlight the rise in Denial of Service (DoS) attacks in the first quarter of 2023.
Actors and Motivation
The main actors involved in these attacks vary but often include cybercriminals and hacktivists. The motivation behind these attacks can vary, but it is often linked to financial gain, promoting a political agenda, or simply the desire to cause disruptions and damage.
Protection and Guidelines
Patient safety remains a top concern for the health community. A recent ENISA survey revealed that only 27% of organisations in the health sector have a dedicated ransomware defence programme. Moreover, 40% of organisations do not have a security awareness programme for non-IT staff. These figures underscore the pressing need for health organisations to apply cyber hygiene practices. These may include offline encrypted backups of critical data, awareness-raising and training programmes for healthcare professionals, vulnerability management and patching, stronger authentication methods, cyber incident response plans, and contingency plans.
Conclusion
The increasing digitalisation of health services, while bringing many benefits, also presents new challenges in terms of cybersecurity. It is imperative that health organisations in Portugal and across Europe take proactive measures to protect their systems and data, thus ensuring patient safety and the continuity of health services.
0 Comentários