Skip to main content

SAFEguard of Critical heAlth infrastructure

Article Category

Article available in the folowing languages:

Strengthening hospital resilience to threats

A new integrated approach to identifying, assessing and dealing with cyber and physical threats to hospitals could be key to ensuring healthcare resilience in Europe.


Effective management of hospitals is critical to the well-being of society; lives are literally at stake. And as with other large complex infrastructures, technological advancements have been introduced to achieve operational efficiencies. For example, medical technology such as imaging and laboratory analysis, as well as general building management such as air cooling and energy, are often automated and connected to networks. While this has helped to improve and streamline hospital management in many cases, the blurring of the cyber and physical worlds has also created new vulnerabilities, such as openness to cyberattacks.

Connecting threats

Addressing these vulnerabilities was the objective of SAFECARE. The project team set about developing a system to provide a more integrated, holistic view of all potential threats to a hospital, calculating the potential impact of the perceived threat, and providing alerts and advice on dealing with the situation. “All services involved in running healthcare overlap,” notes project coordinator Philippe Tourron from the AP-HM, Marseille Public University Hospital in France. “It can be very difficult to manage security in this context.” For example, if there is a small fire in a particular room of a hospital, security staff on duty might not be aware that just adjacent is a room full of equipment critical to the functioning of an operating theatre. “Too often, critical information like this is in silos, and not properly shared,” continues Tourron.

Safeguarding health systems

Collecting, and finding ways of connecting all data relevant to hospital security, was therefore the first step. “We couldn’t just propose to replace existing security systems with expensive new technology,” adds Tourron. “Instead, we looked at how we could upgrade existing systems, and integrate new technologies such as sensors to gather more data.” Next, the project team developed a software system to centralise and process all this collected information. The software helps management to determine how a perceived threat – such as a cyberattack or an unidentified intruder – should be dealt with, by taking a more holistic view of the hospital. Project pilots took place in hospitals in Marseille, Turin and Amsterdam, in order to simulate attack scenarios in near-real conditions. The extent of the cyberattack, the number of intruders, or the location and severity of the impact determine the next step in the process – an alert informing relevant actors of the best course of action to take. “Threats are shown as a cascading effect on a user’s screen,” explains Tourron. “This means that management can really visualise the potential impact of a particular threat.” Finally, automated alerts are sent out to appropriate personnel. This could be doctors and security staff in the hospital itself, or externally police and fire services. Video evidence can be added, for example to show the extent of a fire, or the number of intruders. The severity of a cyberattack will also inform proposed actions; whether just one infected computer can be isolated, or whether a whole network system requires shutting down. The vision of Tourron and his team is to further expand the SAFECARE system to cover not only individual hospitals, but groups of hospitals at the national level. Next steps include building on the prototypes developed in this project and identifying technology ready for commercialisation. Eventually, the system could operate Europe-wide, encouraging the sharing of information and advice to protect critical healthcare infrastructure. “We have to be as agile as the threat we face,” says Tourron. “I think SAFECARE can contribute to this ambition.”


SAFECARE, cyber, healthcare, security, medical, cyberattack, technology

Discover other articles in the same domain of application