EU Report Calls for More Health-Specific Incident Response

ENISA: As Cyberattacks on Health Sector Grow, Expertise Is Needed

Below are some snippets from Health-ISAC Chief Security Officer, Errol Weiss. Access the full article here:

https://www.healthcareinfosecurity.com/eu-report-calls-for-more-health-specific-incident-response-a-17923

Cyberattacks on the European Union’s healthcare sector grew by nearly 50% in 2020, over 2019, and continue to pose serious threats to patient safety, as well as to the entire health supply chain, says a new European Union Agency for Cybersecurity report assessing computer security incident response among EU members.

To help address those challenges, the ENISA report, among several recommendations, calls for the development of more dedicated, healthcare-sector specific computer security incident response teams, or CSIRTs, in the EU.

Common Struggles

Some experts say the cybersecurity and incident response-related challenges facing healthcare sector entities in the EU are not much different from what healthcare sector entities in the U.S. and elsewhere globally are facing.

“Cyberattacks respect no borders,” says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center in the U.S.

“Our European counterparts are struggling with the same issues we’re dealing with in the U.S. – complex information security issues, lack of experienced resources and insufficient investments in cybersecurity technology and talent,” he says.

The Health-ISAC is working closely with European CERTs and specific country-level Health CERTs to promote information sharing and collaboration globally to help all its members be more resilient against cyberthreats, Weiss says.

In October, Health-ISAC held its second annual European Summit in the Netherlands, he notes.

Weiss says, “Thankfully, we continue to see high energy and willingness to share and collaborate amongst healthcare sector organizations,” including discussions about current trends in healthcare security, third-party risk, ransomware and innovative ways to maintain resilience.

“The good news is, across the health sector globally, we see that the National Institute of Standards and Technology has had fairly reasonable success driving adoption of the NIST Cybersecurity Framework outside the U.S.,” he says.

• Related Resources & News
• Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
• New Cybersecurity Policies Could Protect Patient Health Data
• CyberWire Podcast: PHP flaw sparks global attack wave
• Health-ISAC Hacking Healthcare 3-14-2025
• HSCC Aiming to Identify Healthcare Workflow Chokepoints
• New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
• Are Efforts to Help Secure Rural Hospitals Doing Any Good?
• CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
• 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
• Cobalt Strike takedown effort cuts cracked versions by 80%