Roadmap for NIS education programmes in Europe

Author: European Union Agency for Cybersecurity (ENISA)

ENISA is one of the key stakeholders in Europe in the area of Network and Information Security (NIS). Given its positioning, ENISA is active in the area of education and awareness, using its knowledge to promote NIS skills and supporting the Commission in enhancing the skills and competence…

Good practice guide for Incident Management

Author: European Union Agency for Cybersecurity (ENISA)

This guide complements the existing set of ENISA guides that support Computer Emergency Response Teams. It describes good practices and provides practical information and guidelines for the management of network and information security incidents with an emphasis on incident…

SANS Institute’s Incident Handler’s Handbook

Author: Patrick Kral

One of the greatest challenges facing today’s IT professionals is planning and preparing for the unexpected, especially in response to a security incident. An incident is described as any violation of policy, law, or unacceptable act that involves information assets, such as computers, networks, smartphones, etc…

Handbook: Cyber security and resilience for Smart Hospitals

Author: European Union Agency for Cybersecurity (ENISA)

This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals. Through the identification of assets and the related threats when IoT components are supporting a healthcare organisation…

Handbook: Cybersecurity for Hospitals and Healthcare Facilities

Author: Ayala, Luis

Learn how to detect and prevent the hacking of medical equipment at hospitals and healthcare facilities. A cyber-physical attack on building equipment pales in comparison to the damage a determined hacker can do if he/she gains access to a medical-grade network as a medical-grade network controls the diagnostic, treatment,…

Boston Children’s Hospital: Hacktivism and DDoS attacks

In 2014, the Boston Children’s Hospital (located in the US) was targeted by a DDoS attack. A DDoS attack is a Distributed Denial of Service attack, meaning that multiple systems target a single system in such a way that the targeted system cannot deliver its intended services. The…

The UnityPoint Health breach: Phishing for sensitive information

On 31 May 2018, UnityPoint Health, a US-based healthcare provider organisation, discovered their business email system was compromised due to a phishing attack (UnityPoint Health, 2018). This was the second phishing attempt to be reported by UnityPoint Health in 2018 (HIPAA…

The Barbie case: GDPR and the mishandling of patient information

Not all security breaches stem from sources outside of healthcare organisations; they can also stem from within the organisation. In 2018, a Dutch local TV-show personality was admitted to a hospital in the Netherlands. Curious staff members sought access to…