Periodic Reporting for period 2 - SecureHospitals.eu (Raising Awareness on Cybersecurity in Hospitals across Europe and Boosting Training Initiatives Driven by an Online Information Hub)
Reporting period: 2020-01-01 to 2021-01-31
Increased interconnectivity of medical devices and the proliferation of medical data has made the healthcare industry a very lucrative business for cybercriminals. Several reports indicate that healthcare is leading amongst the industries most affected by cyberattacks. The most common form of incidents includes stealing patients’ personal and medical records and encrypting them, preventing medical staff from accessing patient information, for ransom money. But capable terrorists could also be able to render active medical devices deadly. As technology continues to develop and cybercriminals become more and more sophisticated, the number of threats for healthcare organisations - both external and internal - increase exponentially.
Yet, the level of awareness, funding and efforts allocated to cybersecurity in healthcare is very low, standing in sharp contrast with the potential costs arising from response and recovery from an attack as well as the overall damage caused in the aftermath of an attack, affecting the organisation’s reputation or even existence.
An analysis of past attacks shows that more than 80% could have been prevented, if better protection mechanisms had been in place and the medical professionals were more aware of cybersecurity issues. Awareness raising and training as well as the implementation of stronger cybersecurity strategies, tools and protection mechanisms are vital steps for changing organisational cultures and attitudes towards cybersecurity and minimising cybersecurity incidents.
The SecureHospitals.eu project seeks to address this issue by aiming to increase the level of awareness among healthcare professionals as well as by providing insightful resources for people in charge of implementing new cybersecurity practices within a healthcare organisation. For a duration of 26 months, the project is creating tailor-made training and awareness raising materials, addressing different types of stakeholders within the healthcare sector. This shall contribute to decreasing the level of vulnerabilities against external and internal attacks and making healthcare organisations safer.
Yet, the level of awareness, funding and efforts allocated to cybersecurity in healthcare is very low, standing in sharp contrast with the potential costs arising from response and recovery from an attack as well as the overall damage caused in the aftermath of an attack, affecting the organisation’s reputation or even existence.
An analysis of past attacks shows that more than 80% could have been prevented, if better protection mechanisms had been in place and the medical professionals were more aware of cybersecurity issues. Awareness raising and training as well as the implementation of stronger cybersecurity strategies, tools and protection mechanisms are vital steps for changing organisational cultures and attitudes towards cybersecurity and minimising cybersecurity incidents.
The SecureHospitals.eu project seeks to address this issue by aiming to increase the level of awareness among healthcare professionals as well as by providing insightful resources for people in charge of implementing new cybersecurity practices within a healthcare organisation. For a duration of 26 months, the project is creating tailor-made training and awareness raising materials, addressing different types of stakeholders within the healthcare sector. This shall contribute to decreasing the level of vulnerabilities against external and internal attacks and making healthcare organisations safer.
The first project period included a needs assessment phase, in which the level of awareness, specific requirements of health and care organisations as well as different roles within them, were assessed. The so gathered evidence contributed to the creation of a training curricula and the content, which were implemented during the second phase.
The awareness raising campaign during the first project period included direct contact to all partner’s networks and invitations to join the project activities, including participation in the online survey, interviews and the online awareness and information hub.
Mapping the most relevant and recent knowledge sources on cybersecurity in hospitals served as the basis for the creation of training materials and training activities. All of the main findings, arising from the first period, are integrated the online awareness and information hub SecureHospitals.eu. The hub is designed to support health organisations to find training courses, technical solutions and consultancy services. Furthermore, a community module, with multiple interaction and knowledge sharing functionalities, was developed to run a Community of Practice. As such, the SecureHospitals.eu Online Awareness and Information Hub is also the central element in the awareness raising activities of the project.
In addition, a step-by-step guide was created, aiming to help trainers develop new course curricula on the topic of cybersecurity in healthcare organisations. Based on the guideline´s individual steps and questions, the project developed an online tool named the Curriculum Wizard, able to generate tailored advice for the trainer completing it. This tool helps trainers to gain insights into the needs of their healthcare organisation, department or unit, without requiring an extensive training needs assessment.
Based on the analysis by independent experts involved in reviewing ongoing research and innovation projects the SecureHospitals.eu Tools were identified and selected by the European Commission’s Innovation Radar as excellent innovations with further market potential.
The awareness raising campaign during the first project period included direct contact to all partner’s networks and invitations to join the project activities, including participation in the online survey, interviews and the online awareness and information hub.
Mapping the most relevant and recent knowledge sources on cybersecurity in hospitals served as the basis for the creation of training materials and training activities. All of the main findings, arising from the first period, are integrated the online awareness and information hub SecureHospitals.eu. The hub is designed to support health organisations to find training courses, technical solutions and consultancy services. Furthermore, a community module, with multiple interaction and knowledge sharing functionalities, was developed to run a Community of Practice. As such, the SecureHospitals.eu Online Awareness and Information Hub is also the central element in the awareness raising activities of the project.
In addition, a step-by-step guide was created, aiming to help trainers develop new course curricula on the topic of cybersecurity in healthcare organisations. Based on the guideline´s individual steps and questions, the project developed an online tool named the Curriculum Wizard, able to generate tailored advice for the trainer completing it. This tool helps trainers to gain insights into the needs of their healthcare organisation, department or unit, without requiring an extensive training needs assessment.
Based on the analysis by independent experts involved in reviewing ongoing research and innovation projects the SecureHospitals.eu Tools were identified and selected by the European Commission’s Innovation Radar as excellent innovations with further market potential.
By addressing the challenge of cybersecurity for healthcare organisations, with a particular focus on training and awareness raising for medical and administrative personnel, the project seeks to address a key issue often mentioned in stakeholder circles, however so far not adequately addressed at a European level.
The Massive Open Online Course (MOOC) for healthcare professionals is targeting this medical and administrative personnel audience. Moreover, the interactivity and collaboration aspects of the MOOC support a more efficient knowledge uptake and knowledge sharing among course participants. The SecureHospitals.eu MOOC will provide the opportunity to receive a certificate upon completion, a process with the ambition to become mandatory for healthcare professionals throughout Europe.
Furthermore, the SecureHospitals.eu Online Awareness and Information Hub provides a one-stop-shop for healthcare organisations and their staff to find information, awareness raising materials and training courses as well as interactive tools and directories dedicated to cybersecurity in healthcare settings. New materials, knowledge articles, training courses and information were constantly included in the online hub.
The provision and successful uptake of these initiatives by the target groups will ensure an increase in the preparedness-level against cybersecurity threats of the European healthcare sector. Thus, minimising threats for data and privacy breaches, while ensuring the provision of timely care and cure as well as patient safety.
The Massive Open Online Course (MOOC) for healthcare professionals is targeting this medical and administrative personnel audience. Moreover, the interactivity and collaboration aspects of the MOOC support a more efficient knowledge uptake and knowledge sharing among course participants. The SecureHospitals.eu MOOC will provide the opportunity to receive a certificate upon completion, a process with the ambition to become mandatory for healthcare professionals throughout Europe.
Furthermore, the SecureHospitals.eu Online Awareness and Information Hub provides a one-stop-shop for healthcare organisations and their staff to find information, awareness raising materials and training courses as well as interactive tools and directories dedicated to cybersecurity in healthcare settings. New materials, knowledge articles, training courses and information were constantly included in the online hub.
The provision and successful uptake of these initiatives by the target groups will ensure an increase in the preparedness-level against cybersecurity threats of the European healthcare sector. Thus, minimising threats for data and privacy breaches, while ensuring the provision of timely care and cure as well as patient safety.