Digitalisation has arrived to become a part of almost every aspect of today’s society. Healthcare sector is no exception and, without a doubt, its relationship with technology is closer than ever. Nevertheless, underlying the benefits of this digital progress, we find the other side of the coin in the shape of multiple threats. Here is where cybersecurity plays a relevant role in protecting healthcare systems and the information they contain. In May of 2021, a large-scale ransomware cyberattack targeting the Health Executive Service of Ireland, switched off all nation’s IT systems. This is a clear example of how, as innovation in cyberspace and in digitalisation increases, also does cybercrime, leading to dreadful consequences such as having a crucial sector like healthcare attacked if not protected correctly.
Recognising the increasing exposure of the healthcare sector to cyberthreats, Interreg Europe CYBER project partners carried out the analysis of the strengths, weaknesses, opportunities, and threats (SWOT) of their regional healthcare systems. The SWOT analysis was implemented by Digital Wallonia Agency, Regional Council of Brittany, Tuscany Region, Chamber of Commerce and Industry of Slovenia, Information System Authority and Košice IT Valley. The results have been presented and discussed during a dedicated online meeting, held on the 4th of February 2022.
From sharing the different analysis undertaking by each partner, some agreements on which are the strengths and how to take advantage of the opportunities were made.
One of them is the enormous range of improvement still possible to reach in the cybersecurity sector. This enables an increase in competitiveness thanks to the need for rapid development of new solutions. Cybersecurity also constitutes a space of trust for the regional dynamics of public and private health establishments. Instead of creating rivalry, it boosts cooperation among the governmental bodies and healthcare institutions as well as among public and private health centres with the aim to achieve the same goal.
These strengths can be translated into a window of opportunities for the healthcare sector. According to the findings, stablishing a joint strategy is key for survival, a unique model of response will give more coordinated answers to major incidents and improve resilience in the sector. On the other hand, cybersecurity solutions for the healthcare sector are still a small part of the cybersecurity market. This brings some limitations, but also the advantages that must be considered. These advantages include the easiness of building more trust among the different parties involved in the healthcare system, which derives in creating faster channels of information exchange and stablishing a network of reliance on regional SMEs with expertise.
Regardless of the opportunities presented in the project, CYBER partners also identified some weaknesses that are hindering the progress of cybersecurity in the healthcare sector. The analysis highlighted the lack of investment being the most relevant, as it prevents from acquiring more resources and growing in the field. The widening gap in digital and cyber education is another key issue. Cybersecurity in healthcare sector is hindered by the lack of training and awareness among the medical personnel. This is also related with the wider cybersecurity skills gap as not enough people choose the cybersecurity career.
Ending with the threats that the healthcare sector is facing, we find the complexity of coordinating a system with different governance levels, and the difficulty to ensure the interoperability between the public and private health centres coexisting in the same network. This results in a heavy fragmentation and no proper exchange of practices among the health centre, which prevents the implementation of reciprocal improvements. Such fragmentation is not only applied within the same regional ecosystem but also within the multiple territorial levels. The lack of pan-European legislative and regulatory framework jeopardizes the possibility of having a coordinated cybersecurity guideline at the regional and national level in Europe.
Drawing on the insights and findings of the SWOT analysis, CYBER partners agreed on the urgency to fight fragmentation by starting with policies that target the whole healthcare sector and can be applied to both public and private sector. These same policies must have a longer perpetuity, aiming to establish annual or triennial plans, and not setting strategies for emergency situations only. In addition, all partners agreed about the importance of focusing on prevention and precaution to avoid threats more than working on recuperation plans after a damage is caused. Lastly, a continuous effort in raising awareness on cybersecurity for all the healthcare sector and society at large must be ensured, as it constitutes a transversal component that must be considered in every sector.