ENISA: As Cyberattacks on Health Sector Grow, Expertise Is Needed
Below are some snippets from Health-ISAC Chief Security Officer, Errol Weiss. Access the full article here:
Cyberattacks on the European Union’s healthcare sector grew by nearly 50% in 2020, over 2019, and continue to pose serious threats to patient safety, as well as to the entire health supply chain, says a new European Union Agency for Cybersecurity report assessing computer security incident response among EU members.
To help address those challenges, the ENISA report, among several recommendations, calls for the development of more dedicated, healthcare-sector specific computer security incident response teams, or CSIRTs, in the EU.
Some experts say the cybersecurity and incident response-related challenges facing healthcare sector entities in the EU are not much different from what healthcare sector entities in the U.S. and elsewhere globally are facing.
“Cyberattacks respect no borders,” says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center in the U.S.
“Our European counterparts are struggling with the same issues we’re dealing with in the U.S. – complex information security issues, lack of experienced resources and insufficient investments in cybersecurity technology and talent,” he says.
The Health-ISAC is working closely with European CERTs and specific country-level Health CERTs to promote information sharing and collaboration globally to help all its members be more resilient against cyberthreats, Weiss says.
In October, Health-ISAC held its second annual European Summit in the Netherlands, he notes.
Weiss says, “Thankfully, we continue to see high energy and willingness to share and collaborate amongst healthcare sector organizations,” including discussions about current trends in healthcare security, third-party risk, ransomware and innovative ways to maintain resilience.
“The good news is, across the health sector globally, we see that the National Institute of Standards and Technology has had fairly reasonable success driving adoption of the NIST Cybersecurity Framework outside the U.S.,” he says.