Life expectancy is increasing in Europe and the population is aging. The proportion of elderly people in our countries is increasing together with the number of citizens suffering from chronic diseases (about 40% of the population above the age of 15). These factors increase healthcare costs in Europe. Healthcare is, in most European countries, a growing component of GDP, in some cases still a growing part of public finances, representing between 4% and 12% of GDP in EU Member States.
The quest for more efficient ways of providing the population with good medical attention at lower costs is crucial. The application of Information and Communication Technologies and also an ethical exploitation of data are of great help. In other words, eHealth is now seen as one of the best ways of maintaining quality health services in an affordable way. Consequently, the uptake of eHealth solutions and technologies is expected to soar in upcoming years.
On the other hand, cyber-attacks are constantly increasing. Attacks of this kind focus on stealing financial information, billing information, and bank account numbers using stolen devices with un-encrypted data, phishing and spam mails. Technological breakthroughs have led to advanced cyber warfare using SQL injections, advanced persistent threats (APT), zero day attacks, and advanced malware. The eHealth sector is no exception to this increasing threat and has already suffered severe consequences from very headline-grabbing attacks.
Another crucial aspect to be factored in here is that of life-threatening patient safety risks due to tampering with health or eHealth equipment. Safety-critical medical devices are increasingly based on standard operating systems, rarely patched and often interconnected to the Hospital networks. Even when these devices are personal devices, they can be often updated OTA (Over the Air) leaving room for manipulation and hacking with the consequent risk to the patient’s health and even life. Adequate cybersecurity safeguards during the design, development but also operation of these devices is of crucial importance.
The abovementioned scenario brings out the need of designing and deploying specific Health sector cybersecurity solutions that will enable it to cater for its present and future needs.
Based on the above, the eHealth sector’s main needs can be summarized as follows:
- eHealth service resiliency against cyberattacks. System availability and business continuity is the key component for providing seamless electronic healthcare services. Access to critical health information by authorized professionals as well as secure access control by end-users need to be guaranteed in order to ensure the best healthcare services.
- Real-time security and dependability monitoring.
- Since the human factor is one of the major security threats in the eHealth domain, it is vital that personnel be made aware of the basic cyber security threats they are exposed to.
- Medical Research can largely benefit from access to a large set of data not only from clinical trials, but also from monitoring the actual health parameters of patients and correlating them with environmental characteristics, population data, location etc. Healthcare digitalization can provide this data in unprecedented volume and quality, but there is a pressing need of safeguarding data privacy as well as data integrity, and also ensuring data subjects can control the use of their data. Transparency of data usage is a prerequisite.
- Address the lack of harmonization of services and Electronic Health Records (EHR) within Europe.
- Include security and privacy by design in the development and upgrading of hospital services and, more importantly, medical devices.
- When new devices or systems are implemented, cyber security aspects need to be planned and implemented right from the beginning, meaning the procurement, outsourcing and maintenance phases of new systems needs to be defined beforehand
GMV is chairing the Sub-Working Group 3.6 in HealthCare at ECSO (European CyberSecurity Organization) looking for joint public-private solutions to these challenges.
Author: Julio Vivero Millor
Las opiniones vertidas por el autor son enteramente suyas y no siempre representan la opinión de GMV
The author’s views are entirely his own and may not reflect the views of GMV