Be prepared: cybersecurity in the health sector

Comunicació,



Cybersecurity is a critical factor in many areas in today's digital age, especially in the health sector. It is important to bear in mind the challenges we face, the strategies for tackling them, and how technology and collaboration can be the keys to guaranteeing cybersecurity. Data and computer systems must be properly protected against cyber-attacks to ensure that all information, both client and company, is kept private. It is important to analyse current threats and best practices to protect information and ensure a secure and reliable digital environment.

Moreover, it is a field that is still full of uncertainties and, for this reason, CataloniaBio & HealthTech has brought together four experts from very different fields, such as business, health care providers, teaching and public agencies, to give their point of view and share their impressions, experiences and best practices in this area. The session was moderated by Alfons Nonell, CEO of DevsHealth and chair of the CataloniaBio & HealthTech Internal Digital Committee, who proposed the theme of the session.

What public resources do we have?

Roger Civit, Head of Information Security at the Cybersecurity Agency of Catalonia, described the deployment of the comprehensive security model in the health sector, developed jointly by the Department of Health and the Agency itself so that the data is secure, always bearing in mind that each hospital has its own security systems but that they are also interconnected. After reviewing the various actions (harmonising, establishing security perimeters, minimising the risk of threats, informing and training staff, etc.), the lesson learned is that, if there is a good security system, the reaction to an incident can always be quicker and the impact can be minimised.

He recalled one of the common sayings in the field of cybersecurity: "there are two types of companies: those that have already suffered a cyberattack and those that will suffer one".

How can we protect ourselves?

There are many potentially vulnerable points in a health institution. Manel Medina, Senior Prof. at the Universitat Politècnica de Catalunya (UPC), identified some of them. First, the supply chain must be taken into account to control how products arrive (whether they are approved, where they come from, how they are configured...). It is also important to identify the medical devices connected at the centre and/or in patients' homes; it is advisable to protect them from the network or to ensure that they can only access limited and secure connections. Finally, with a view to ensuring the security of people, he stressed the importance of training technical staff, testing recovery plans and, in short, being able to generate digital confidence.

The need for constant updating and vigilance

From the point of view of Anna Benavent Navarro, Director of Digital Organisation at Parc Taulí Hospital, the way to deal with possible attacks is to be as prepared as possible, both in terms of infrastructure and staff training. But the most important thing is to stay attentive and constantly vigilant, because between the theory (the recommendations) and the real world there are many issues that can slip through the cracks. One example is managing the use of work devices for work or personal purposes. Another: what happens when the same professional is, at the same time, a clinician at the Hospital, a member of a research group at the institute and a professor at the UAB? In the case of Taulí, a university hospital with an associated research centre, this situation is more than common.

The basis of risk prevention

When it comes to protecting oneself in this sense, it is also important to consider the various regulatory frameworks. Francisco Rodríguez Gómez, Senior MedTech Officer at Asphalion, used the case of medical software to present the different levels of security that are considered and that need to be defined before starting to work on risk prevention: starting with IT security (credentials, users, access levels...), continuing with location security and, finally, focusing on information integrity.

When the conversation was opened to the attendees, about thirty professionals from the sector, several other issues came up: the best way for suppliers and centres to collaborate so that they can guarantee security together; the fact that health data are among the most valuable and potentially most under attack; the resources available in the sector to protect them; and, in conclusion, the unquestionable need for continuous monitoring and improvement, together with the need for contingency plans. The Lessons Learned ended with a networking space for the attendees, where they could share experiences, questions, and contacts.

See you at the next Lessons Learned!
