Cyber Security, the Achilles' heel of the New Healthcare

(Giancarlo De Leo, Consultant in Medical-Scientific Publishing and Digital Health, Member and Secretary of AIDR)

In recent years, growing health needs and advancing technology have required the health sector to adapt traditional models to technological innovations, creating a new way of managing health.

Health systems have become more digital and interconnected and allow for faster and easier access to the health services offered.

During the current health emergency generated by the Covid-19 pandemic, the adoption of new technologies in the health sector, which cannot ignore Health Technology Assessment (HTA: an approach that aims to evaluate the introduction and disposal of health technologies from a multidisciplinary perspective, to support those who have decision-making power in the health sector), has proved effective in improving access to care and the quality of life of citizen-patients. Above all, it has accelerated a digital shift that found the National Health System under severe pressure, having to respond to an increasing demand for health assistance while, at the same time, guaranteeing social distancing to prevent the spread of the infection.

The digitalization of healthcare represents a great challenge for the future and an opportunity to bridge the ever growing gap between the progressive aging of the population and the lack of available resources.

In this scenario, cybersecurity plays a leading role: in the health sector, cyber attacks are intensifying every day and are particularly worrying, as they can threaten the security of data and health information as well as the health of patients.

In this regard, numerous attacks have been detected against health organizations and research laboratories active in research for the fight against Coronavirus.

The offensive tool used is often "ransomware", software that steals the data of healthcare facilities and the personal information of patients and keeps it blocked until the people who created it receive the requested ransom.

The whitepaper "Understanding cyber risk - The new horizon in healthcare" analyzes the preparation and awareness of Italian healthcare in dealing with the cyber threat. It collects the responses of 68 health professionals (Risk Managers, Quality Managers, Data Protection Officers, Information Security and Clinical Engineering Managers, as well as Heads of the Health and General) operating in structures distributed over 14 Italian Regions. (The term cybersecurity means those aspects of information security implemented through the use of technological tools; information security is first of all a comprehensive approach to security management, of which cybersecurity is only a subset.) What emerges is that the hacker threat is not underestimated.

The trend of cyber attacks on Italian hospitals and medical centers is confirmed.

In fact, 24% of healthcare facilities in our country reported having suffered cyber attacks in 2020, of which 11% were ransomware and 33% unauthorized access to data.

According to the research, 59% of the structures perceive cyber risk in healthcare as a priority that affects the services provided and internal organizational models. A further 31% rated the issue as partially a priority. Nonetheless, analysts note that the measures adopted by structures to prevent and manage cyber risk are still infrequent: mapping, risk analysis and vulnerability tests account for only one third of the total.

The European Cybersecurity Agency, ENISA, also confirms a rather worrying scenario, according to which attacks on European supply chains will quadruple in 2021, compared to last year (https://www.aidr.it/ cyber-resilience-act-and-European-information-center-on-cyber-defense /).

To deal with the problem of IT security, Legislative Decree no. 82 of June 14, 2021, on "Urgent provisions on cyber security, definition of the national cyber security architecture and establishment of the National Cyber Security Agency", established, in Article 5, the National Cyber Security Agency (https://www.gazzettaufficiale.it/eli/id/2021/06/14/21G00098/SG). The decree was converted by Law no. 109 of 4 August 2021 (https://www.gazzettaufficiale.it/eli/id/2021/08/04/21G00122/sg).

Law 109/2021, which defines the National Cybersecurity Architecture, introduces various innovations on the subject and establishes:

  • The National Cybersecurity Agency;
  • The Interministerial Committee for Cybersecurity;
  • The Cybersecurity Nucleus.

But now, during European Cybersecurity Month, held every October, what suggestions can be offered?

1) Focus on Information and Training

Correct and timely information on possible risks and adequate training on cybersecurity issues are the first line of defense against cybercrime, which in most cases is made possible precisely by people's error or negligence.

An untrained employee could, for example, open suspicious emails or fail to adequately protect sensitive information by behaving in ways that do not comply with security rules.

2) Adopt Email Security Virtual Appliance solutions for Email

E-mail is the main means of corporate communication. It is estimated that over 300 billion emails are currently sent per day. It is therefore not surprising that email is the preferred tool for hackers to deliver attacks, of which there are many variations: malware, botnets, whaling, phishing. Less dangerous, but undoubtedly annoying, is spam, through which mass advertisements are sent that slow down and disrupt employees' work.

3) Consider Adaptive Multi-factor Authentication solutions for Username and Password

Traditional usernames and passwords are no longer sufficient to authenticate users.

Every day there are new stories of identity theft by hackers, of varying degrees of severity. Weak or stolen credentials are the favorite weapons used by hackers, accounting for approximately 76% of all network intrusions.

4) Use storage virtualization technology

Storage virtualization technology transforms normal disk space into a centrally managed storage "pool" that is always available and faster: it reduces I/O bottlenecks and lost revenue, improves performance, and decreases costs and risks. This completely hardware-agnostic software bridges the gap between the business need for real-time answers and the need to make the most of current and future IT resources, with a strong focus on workload optimization.

5) Work on a unified workspace

A unified workspace provides highly secure and controlled access to legacy, web, and SaaS files and applications in a browser-based workspace, accessible through any browser, on any device. But only healthy and honest common sense will make it possible to avoid irreparable damage to the citizens of the National Health System.
