In times of a pandemic, societies are confronted with the central and essential role of the healthcare system. Unfortunately, the pressure of a healthcare crisis and increasing digitalisation are separate issues that can exacerbate each other.
While healthcare is a broad and complex system of institutions working together, hospitals are a logical starting point: they are centralised, are often the last resort and provide direct lifesaving care. The combination of publicly accessible buildings and highly sensitive, specialised medical devices creates unique circumstances that require similarly specialised and tailor-made (cyber)security measures.
Benchmark reports show that hospitals in the Netherlands generally have their cybersecurity affairs reasonably well in order. Unfortunately, as technology keeps evolving, so do the threats and malicious actors. Continuously measuring the state of security and threats is thus a necessary start to create awareness of what needs to be done and where weaknesses lie. However, ‘measuring’ is easier said than done: what does one measure, and how?
In its role as the Dutch security cluster, HSD coordinates a project with a number of hospitals and expert partners to answer these questions. What would relevant metrics for cybersecurity in hospitals look like? How can continuous measurement be set up, kept cost-effective and done in a way that allows hospitals to share and learn from each other? In late 2020 and early 2021, a number of sessions were organised in which the project’s scope was defined and priorities were set.
In 2021, two subgroups will start to work on setting up frameworks for metrics on:
- Cybersecurity awareness of employees
- Vulnerability and asset management
Once these are specified, the next phase will be a market consultation to gauge what the market can offer for a trial and implementation of the metric.
The following hospitals provide input from the healthcare perspective in this programme: Reinier de Graaff, Amphia, Haga, LUMC, CWZ and Isala. Additionally, Z-CERT, the Cyber Emergency Response Team that is specifically focused on the healthcare sector, has an important role in providing input and explaining what is on the horizon in terms of threats and solutions.