Cybersecurity in our hospitals: digital is a solution, not a danger!

Faced with the issue of cybersecurity, health data is a prime target: what can we do to better protect the digital infrastructure of our hospitals?

Cybersecurity is a well-known issue, again highlighted in the context of the war in Ukraine. Individual or company, everyone is affected by this essential issue. This is particularly the case for hospitals, which are prime targets because of the risk to health data.

The Digital Health Agency (ANS) notes that the number of incidents against hospitals is doubling each year: 730 in 2021, compared to 369 in 2020. This development places the health sector among the most affected sectors, ahead of banking, industry or insurance. These attacks have serious consequences for both healthcare establishments and patients: paralysis of systems, theft, loss of sensitive data, concealment of health data or exposure to blackmail for tens of thousands of companies of all sizes.

Faced with this challenge, the government announced in March 2021 the launch of the national cybersecurity strategy for health establishments led by the National Agency for Information Systems Security (Anssi).

Thus, the Ségur de la Santé has resulted in the granting of 350 million euros specifically dedicated to strengthening cybersecurity.

Despite this, the attacks have undoubtedly accelerated, intensified and become more structured. It is time to be alarmed and to provide solutions.

Prioritize interoperability more than ever to strengthen the cybersecurity of our hospitals

The protection of health data is a priority issue. These figures alert us to the need to strengthen the security of hospitals, that of patients and that of their data. One of the lessons of the crisis is the essential place that digital takes within our health system. This shift, now necessary, is based on the implementation of data exchange systems. This then raises the subject of system interoperability.

To use patient data from different systems, while guaranteeing their integrity and availability, it is essential that the exchanges comply with the latest standards and norms in force while minimizing the amount of data exchanged, according to the “Privacy by Default & Data Minimization” principles.

The pitfall, in view of recent events, could consist in thinking that the digitization of our health system would represent a considerable risk for the protection of individual data and the security of information in our hospitals. However, digitization opens up prospects for improving the patient journey in its entirety.

One of the notable advances made possible by digitization is obviously artificial intelligence, which today makes it possible to move towards the medicine of the future, that is to say predictive and personalized medicine.

More than a prerequisite, “integrated security” should be an end-to-end mindset

The processing of an increasing amount of health-related data, which is among the most sensitive personal data, requires the implementation of comprehensive security plans, guaranteeing the protection of products, equipment, commercial and personal data.

Digital requires us to guarantee the security of patient data throughout the system. More than a prerequisite, the security by design approach must constitute a true state of mind. The integration of security principles must accompany the design, development, testing and deployment of connected solutions, but also the monitoring, updates and, if necessary, the management of incident responses.

In addition to quickly facilitating the sharing of medical information between establishments, the interoperability of information systems is undeniably a key to guarding against cyberattacks. How? By limiting incompatible interfaces and centralizing as much data as possible.

This establishment of a collaboration between technology and human work nevertheless requires training professionals to improve their security skills as well as the operational processes and technology to ensure computer security.

This is fundamental work that requires better education of the general public in IT tools and their best practices, as well as massive investments within our companies and dedicated training and intelligence sectors to retain the best cybersecurity talent.

“Respect for the fundamental right to privacy, a prerequisite for continuing to advance health and enabling innovation thanks to big data, with confidence”

Cybersecurity is not an option, neither is respect for the fundamental right to privacy. However, if health data are of a particularly sensitive personal nature, they are essential to continue to innovate in health. It is therefore essential for any company operating in the world of health to work in compliance with European regulations on data protection.

This condition, which is added to the other regulations ensuring the safety and quality of medical devices, requires complete transparency in the processing of data but also a particular requirement in the reporting and correction of vulnerabilities.

However, to be able to meet these new challenges, the response must be collective. It must indeed bring together regulatory bodies, industrial partners and health professionals.

Artificial, human or collective, only the combination of these intelligences makes it possible to protect against this type of attack and to continue the digital shift of our health system.
