The European Union Agency for Network and Information Security (ENISA) has released a new report to help IT and security officers of healthcare organizations implement IoT devices securely and protect smart hospitals from a variety of threats.
We all know that attacks against hospitals are increasing, but according to security experts, ransomware and DDoS attacks are just the start.
The report, compiled with the help of infosec officers from several European hospitals and consultants and researchers from a variety of healthcare-oriented security bodies through the EU, contains:
- Information about the regulatory framework and guidelines related to information security in a smart hospital environment,
- An asset-centric approach to threat and risk analysis for the smart hospital environment,
- Likely attack scenarios (social engineering attack on hospital staff, tampering with medical devices, theft of hospital equipment, ransomware attack on hospital information systems, etc.)
- Control and recovery measures, recommendations (both for hospitals and the healthcare industry), and security good practices (organizational and technical measures).
ENISA in 2017 will work on supporting the EU member states introducing baseline security measures to the critical sectors, focusing on healthcare organizations. Moreover, the agency will look more closely at cyber security issues in medical devices.
“Interconnected, decision making devices offer automation and efficiency in hospitals, making them at the same time vulnerable to malicious actions. ENISA seeks to co-operate with all stakeholders to enhance security and safety in hospitals adopting smart solutions, namely smart hospitals,” ENISA Executive Director, Udo Helmbrecht, commented this latest release.
This report is meant for hospital executives and IT and security professionals, but could also be a good read for executives and professionals of manufacturers of connected devices for healthcare, healthcare consultants, as well as policy makers from EU member states.