EU Report Calls for More Health-Specific Incident Response

ENISA: As Cyberattacks on Health Sector Grow, Expertise Is Needed

Below are some snippets from Health-ISAC Chief Security Officer, Errol Weiss. Access the full article here:

https://www.healthcareinfosecurity.com/eu-report-calls-for-more-health-specific-incident-response-a-17923

Cyberattacks on the European Union’s healthcare sector grew by nearly 50% in 2020, over 2019, and continue to pose serious threats to patient safety, as well as to the entire health supply chain, says a new European Union Agency for Cybersecurity report assessing computer security incident response among EU members.

To help address those challenges, the ENISA report, among several recommendations, calls for the development of more dedicated, healthcare-sector specific computer security incident response teams, or CSIRTs, in the EU.

Common Struggles

Some experts say the cybersecurity and incident response-related challenges facing healthcare sector entities in the EU are not much different from what healthcare sector entities in the U.S. and elsewhere globally are facing.

“Cyberattacks respect no borders,” says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center in the U.S.

“Our European counterparts are struggling with the same issues we’re dealing with in the U.S. – complex information security issues, lack of experienced resources and insufficient investments in cybersecurity technology and talent,” he says.

The Health-ISAC is working closely with European CERTs and specific country-level Health CERTs to promote information sharing and collaboration globally to help all its members be more resilient against cyberthreats, Weiss says.

In October, Health-ISAC held its second annual European Summit in the Netherlands, he notes.

Weiss says, “Thankfully, we continue to see high energy and willingness to share and collaborate amongst healthcare sector organizations,” including discussions about current trends in healthcare security, third-party risk, ransomware and innovative ways to maintain resilience.

“The good news is, across the health sector globally, we see that the National Institute of Standards and Technology has had fairly reasonable success driving adoption of the NIST Cybersecurity Framework outside the U.S.,” he says.

• Related Resources & News
• Leveraging ISO 81001-5-1 Amid Medical Device Procurement
• Mitigating risk as healthcare supply chain attacks prevail
• Enhancing Cybersecurity in Rural Hospitals
• Health-ISAC Hacking Healthcare 11-15-2024
• Cyber Incident Response: Playbook for Medical Product Makers
• Feds Warn of Godzilla Webshell Threats to Health Sector
• Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
• Health-ISAC Hacking Healthcare 11-7-2024
• Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks
• All hospitals should be concerned about cyberattacks. Here’s why