The ever-growing IoT is making health care more effective and convenient, but at the same time interconnected devices and resources leave hospitals open to cyber attacks. This is the conclusion of ENISA's latest study "Cyber security and resilience for Smart Hospitals", which investigates threats and vulnerabilities in hospitals using the Internet of Things.
According to the report, hospital IT staff and managers need a change in mentality to face the evolving ransomware and DDoS attacks in the hospital ecosystem.
The report offers the following recommendations:
- Healthcare organisations should provide specific IT security requirements for IoT components. Only state-of-the-art security measures should be applied.
- Smart hospitals should identify assets and how these will be interconnected before drawing up policies and practices.
- Device manufacturers should incorporate security into existing quality assurance systems. Healthcare organisations should be involved in designing systems and services from the very beginning.
In 2017, ENISA will work on supporting the Member States in introducing baseline security measures to the critical sectors, focusing on healthcare organisations. Moreover, in continuation of this work, ENISA will look more closely at cyber security issues in medical devices.