Professional Documents
Culture Documents
Security and Resilience For Smart Hospitals Key Findings
Security and Resilience For Smart Hospitals Key Findings
Key findings
Dimitra Liveri, Ilias Bakatsis, Athanasios Drougkas| ENISA
2nd eHealth Security Workshop| Vienna | 23rd November
European Union Agency For Network And Information Security
2016: ENISA work to secure Smart
Hospitals
Objectives
• Improve security and resilience of
hospitals information systems
• Identify common cyber security
threats and challenges and,
• Present mitigation measures to
address them
• Support pilots in hospitals across the
EU
• Target Audience
- Healthcare Providers / Hospitals – CIOs/CISOs etc.
- Industry stakeholders
- Policy Makers
Responders :
” 4
Why Hospitals are becoming “Smart”
5
Threats based approach
6
Identification of Smart Assets in
Hospitals
7
Assessing the criticality of smart
assets
Interconnected Clinical information systems 67%
Data 30%
Buildings 10%
8
Vulnerabilities of Smart Hospitals
• Interconnection between devices/systems, some times even automatic
• Communication between devices and legacy systems creates gaps
• Physical security impossible for all components
• Impossible to virtually patch all devices
• Life span of medical devices
• Little malware detection or prevention capabilities
• No clear way to alert the user when a security problem arises
• Access control difficult to implement
• Usability issues cause circumventions of set policies
• Use of personal devices non compliant to security policies
• Lack of compliance with organisational or industry standards
• Users behaviour
• Lack of proper configuration management process 9
Threats mind map
10
Attack scenarios
- Description
0% 10% 20% 30% 40% 50% 60% 70%
- Assets affected
Respondents rating the attack scenario common for smart hospitals
- Criticality
- Likelihood
- Cascading effects
- Estimated recovery time
- Good practices
- Challenges and gaps
11
Good practices
12
Open Issues
14
Recommendations for Industry
15
Thank you
eHealthSecurity@enisa.europa.eu
resilience@enisa.europa.eu
https://www.enisa.europa.eu/scada
www.enisa.europa.eu/internetcii