Smart Hospitals Need to be Secured

ID 660205
Updated 12/2/2016
Version Latest



I want my hospital to be smart, but I demand it be secure and safe!  A new report from the European Union Agency for Network and Information Security (ENISA) outlines strong recommendations for hospitals to protect themselves from cyber risks as they embrace new technology.

The Best Care Possible

When we or our loved ones need medical assistance, we want the very best technology and care to be available.  Hospitals are upgrading to improve care, increase efficiencies, and enhance the patient experience with many new technologies.  These systems, which can range from interconnected clinical information systems, remote care devices, patient identification tools, drug management controls, and mobile clients for staff, are designed to make hospitals smarter and more effective in their purpose.  But with the influx of new technology, comes increased cyber risks.

Risks and Recommendations

ENISA provides security expertise and guidance for its EU member states, businesses and citizens.  ENISA’s recent report Smart Hospitals – Security and Resilience for Smart Health Service and Infrastructures describes a number of areas where assets and threats intersect to form new risks.  It also outlines good security practices, both technical and organizational, while keeping a pragmatic stance on cybersecurity.   It is a valuable read for those in the healthcare industry who are involved in protecting patients, tools, data, and services.  C-suite staff, including the Chief Information Officers (CIO), Chief Information Security Officers (CISO), Chief Security Officers (CSO), and Chief Privacy Officers (CPO), should pay particular attention to the recommendations and understand the threat scenarios.

As hospitals race to upgrade to better facilities, tools, networks, and services, they will inadvertently introduce vulnerabilities.  The key will be in properly managing these risks while gaining the benefits of the advanced capabilities.  This must begin early in the process and remain current over time.

Beyond Scary

For the last few years, the healthcare industry has been most worried about data breaches.  2015 was a particularly bad year where it reached epidemic levels.  Just the top 10 healthcare breaches affected almost 35% of the U.S. population.  As we move into 2017 and beyond, hospitals may very well look back on data-breaches as the "good ole days" when cybersecurity was easy as compared to new challenges.  Compromises in devices, diagnosis systems, drug distribution, and other critical services is an entirely different level.  Who wants to be sitting in a hospital bed wondering if the equipment they are hooked-up to could be hacked or if their diagnosis is incorrect because of data tampering?

The Cure

The healthcare industry is about to step into a whole new level of cyber risks. We must think ahead as technology expands to put life-safety at risk.  Hospitals and emergency care is one place where nobody wants cyberattacks to cause impacts.  The ENISA report and recommendations are a strong stride in the right direction, but more work, collaboration, and insights will be needed to keep the very best healthcare secure, private, and safe.


Image Source: Some images reproduced with permission from ENISA Smart Hospitals – Security and Resilience for Smart Health Service and Infrastructuresreport. Copyright ENISA.

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.