In recent years healthcare organisations have been constantly targeted by hackers and COVID-19 has made the situation worse. To help tackle the issue, the HIMSS Italian Community brought together local and global healthcare leaders to discuss ‘Health safety management: the new challenges’.
The pandemic has taught us that cybersecurity in the healthcare sector is a growing concern. In the last 14 months, according to the Clusit Report (Italian Association for Cyber Security) 2021, over 10% of the attacks carried out were related to COVID-19. Research institutions and companies involved in the development of vaccines against SARS-Cov-2 have been targeted by cybercrime, but hackers have exploited the situation of collective unease and the extreme difficulty experienced by some sectors to target their victims.
There is no shortage of “defense weapons” in the fight against cyberattacks. In the European Union, ENISA, the cybersecurity agency, takes care of implementing such weapons. There are many tools available: from the NIS Directive to the Medical Devices Regulation; from the Cybersecurity Act to Cyber Europe, Europe’s largest cybersecurity exercise for the healthcare sector.
In the US, the legislative framework provides guidance and support from the Health Insurance Portability and Accountability Act of 1996 (HIPAA), through the Health Information Sharing and Analysis Center (H-ISAC) and the Cybersecurity Act of 2015. Italy has a strategy for the digital growth of the country, the three-year plan for information technology, the perimeter of national cybersecurity, local laws and regulations.
Elena Sini, of the HIMSS Italian Community, says that active discussion is the most important aim of the community. They have found that their industry has also become a direct target of cybersecurity attacks. The webinar was proposed to gain awareness and support each other.
There is a lack of awareness that runs through all healthcare organisations, starting from the Board of Directors where cyber risks are not necessarily evaluated as they should, have not become a priority, to the medical staff who quite often perceive cybersecurity checks as an obstacle.