How to improve cybersecurity for European hospitals

How to improve cybersecurity for European hospitals

Since the outbreak of the COVID crisis, many hospitals in Europe have been the target of significant cyberattacks.

Earlier this year, you might have read news reports in France that two hospital groups were affected by ransomware attacks in less than a week.

“Ransomware” is a piece of malicious software that is encrypting data on an IT system. Perpetrators claim that the key to recover the data can be bought in exchange of a ransom payment, which is not always true. In most cases, attackers simply find a way of tricking someone in the hospital into clicking on an attachment with the ransomware, which is not even tailored to the specific systems of that organisation.

The need for cybersecurity of European hospitals is increasing

Already early during COVID crisis, in March 2020, Spanish daily El País reported about “massive attacks” on the IT infrastructure of hospitals in the country.

The British newspaper Daily Mail also reported about a worrying case in the Czech Republic when a cyberattack halted Corona tests in a hospital which resulted in bringing treatments of infected patients to stop as computers had to be shut down.

Furthermore, in Germany, there was a specific case in September 2020 where prosecuters believe a ransomware attack on a hospital in Düsseldorf might be directly linked to the death of a woman.

These examples show two things: Firstly, health services are among the most critical infrastructures, especially in times of crisis like COVID. People’s lives are dependent on their flawless and secured availability. Any disruptions might put them at risk which is why we need to give this aspect significant attention. Secondly, and therefore unsurprisingly, cybercriminals have identified health services as lucrative targets for ransomware attacks.

In fact, experts even say healthcare is “the No. 1 target for cybercrime and the number of attacks on healthcare organizations have been increasing exponentially over the past few years, primarily because of the value of data they can obtain from a successful attack, and the fact that cybercriminals know that if they lock up systems and data, that has a significant impact on operations”.

So the simple but so decisive question is: What can possibly be done to avoid, as best possible, such scenarios like the above in the future?

All modern hospitals rely on information systems which are linked to connected equipment such as medical scanners, heating and air-conditioning systems and also store the ever increasing amount of private health data needed to improve patient care.

Thus health services can be seen as being among the most vulnerable infrastructures where lives depend on business continuity.

Airbus helps improve cybersecurity of European hospitals

This has led to the European Commission launching the SAFECARE project in 2019 as part as the Horizon 2020 framework programme for research and technological development.

Within this framework programme, Airbus Cybersecurity was then contracted by the Commission to lead the technical activities of the consortium of 21 industrial and academic partners including several major European hospitals.

No alt text provided for this image

The aim of this project since its inception is to provide new solutions that answer the new physical and cybersecurity challenges for health services. It provides new technologies and novel approaches to enhance threat prevention and detection, incident response and mitigation of impacts on systems.

Airbus acts as the technical coordinator of this project and is leading the development of cyber security solutions for the whole hospital eco-system including IT networks, OT infrastructure (medical devices) and building management system (BMS). The innovative cybersecurity solutions will help protect hospitals thanks to an IT threat detection system, an advanced file analysis system and a cyber threat monitoring system.

The project is looking to increase the compliance between security tools and European regulations regarding ethics and privacy for health services.

Through our so called Airbus CyberRange, we have been performing tests such as to simulate a hospital network experiencing several cyber-physical attack scenarios. The results have been promising and with these experiences under our belt, the SAFECARE solution will aspire real demonstrations with three large European hospitals in Amsterdam, Marseille and Turin.

Safeguarding critical infrastructures such as hospitals is a constant fight. But it`s an important one for which we require the right level of vigilance, flexibility and tools.

Christian Loiseau

Hands-on Tech-driven Executive. I'm happy to drive business growth through strategic Sales and Marketing, sustainable innovations, and impactful solutions.

8mo

Thanks for this!

Like
Reply

Very much to the point. Unfortunately an ever growing threat that we have to fight against...

Like
Reply
Stefan David

Manager Application Engineering - We're Hiring!

3y

Thanks for sharing. In my experience the topic of #Cybersecurity is one of the biggest challenges in a Software-driven and connected world. Why? Investing time to secure systems is still often seen like "paying an insurance". It is not clear if you need it and you feel like you waste time and money ....until you get hacked, all your data is encrypted, stolen, etc. Developers and architects need to get systematically trained and equipped with the right tools to develop secure systems and code. A change in the mindset is needed from everybody developing connected software and systems. New standardization such as #unece and #21434 in automotive, #DO326 in aerospace or #iec62443 are a great framework and #CERTC helps to educate engineers, but we still need to be aware and prepared for unknown attack paths hackers can take.

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics