ENISA – The need for Incident Response Capabilities in the health sector

ENISA analyzed the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive.

The European Union Agency for Cybersecurity (ENISA) published an analysis of the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive.

An attack against a hospital can lead to physical damages and put the lives of patients at risk. The Agency remarks the need to set up solid Incident Response Capabilities (IRC) in the health sector. The document aims at offering insights on current incident response (IR) trends and providing recommendations about the development of IR capabilities in the health sector.

In 2020, the number of reports sent to ENISA about cybersecurity incidents saw an increase of 47% compared to the previous year.

The level of exposure to cyber threats is increasing to the adoption of emerging technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), big data, and cloud computing.

Computer Security Incident Response Teams (CSIRTs) are tasked to develop the capabilities needed to address cyber threats and implement the provisions of the Directive on security of network and information systems (NIS Directive).

“Although dedicated health sector CSIRTs are still the exception in the Member States, sector specific CSIRT cooperation is developing.” reads the report. “The lack of sector-specific knowledge or capacity of national CSIRTs, lessons learned from past incidents and the implementation of the NIS Directive appear to be the main drivers of the creation of sector-specific incident response capabilities in the health sector.”

While the lifetime of healthcare equipment is about 15 years on average, the pace of updates that are released by the vendors but in many cases, the healthcare devices remain unpatched for long periods. Another challenge the healthcare sector is faced with is the complexity of systems due to the increased number of connected devices is enlarging the attack surface.

Below is the list of recommendations included in the report:

1. Enhance and facilitate the creation of health sector CISRTs by allowing easy access to funding, promoting capacity building activities, etc.
2. Capitalise on the expertise of the health CSIRTs for helping Operators of Essential Services (OES) develop their incident response capabilities by establishing sector-specific regulations, cooperation agreements, communication channels with OES, public-private partnerships, etc.
3. Empower health CSIRTs to develop information sharing activities using threat intelligence, exchange of good practices and lessons learned, etc.

“The key force driving the development of incident response capabilities of CSIRTs is the information related to security requirements and responsibilities of organisations for each sector.” concludes the report. “Shared frameworks for incident classification and threat modelling, education activities and a network allowing communication between incident response actors constitute the main resources and tools currently supporting the development of incident response capabilities.”

https://www.enisa.europa.eu/publications/csirt-capabilities-in-healthcare-sector

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Operation Cyclone)

[adrotate banner=”5″]

[adrotate banner=”13″]