The number of cyber-attacks around the world exploded in 2020, as cybercriminals exploited the Covid-19 pandemic to take advantage of the shift in focus towards smart working and of hospital staff being transferred to the frontline.
The European Agency for cybersecurity, ENISA, has published guidelines aimed at helping healthcare organisations securely adopt cloud services and prepare for cybersecurity challenges.
The January 2021 report, Securing Cloud Services for Health, builds on ENISA's procurement guidelines for cybersecurity in hospitals (2020) by assessing the cyber risks of cloud services and highlighting best practices for their secure integration into the European healthcare sector. The report is linked to the EC's 2021 focus on the European Health Data Space initiative to promote the safe exchange of patients’ data and access to health data.
The COVID-19 pandemic brought into sharp focus the need for efficient and secure digital healthcare services. Cloud-based solutions enable flexible and rapid deployment of the electronic storage of data and communications like telemedicine. However, several barriers are standing in the way of adoption in healthcare, including:
The security guidelines zoom in on these very concerns with a view to further digitising healthcare services with cloud services, which are used for:
For each one, the report identifies key factors that need to be taken on board when healthcare organisations conduct risk assessments, e.g. in terms of risk to sensitive patient data or the availability of a medical service.
However, the guidelines are intended only as a first step for healthcare providers in the secure shift to the cloud. On top of these, the sector needs to ensure support from established industry standards on cloud security, specific direction from national and EU authorities and further guidelines from Data Protection Authorities on transferring healthcare data to the cloud.
The report also proposes a set of security measures for healthcare organisations to implement when planning their move to cloud services, e.g. processes for incident management, data encryption requirements, data portability and interoperability.
The measures are proposed in the light of the draft candidate EU Cybersecurity Certification Scheme on Cloud Services (EUCS), to ensure compatibility and requirements mapping. The EUCS is part of the larger certification framework aimed at enhancing trust in ICT products, services and processes across Europe.
Lookout Watch Entry Date: 24.02.2021