Press Release

No clean bill of health for cyber security incidents in healthcare: time for a sanity check

Published on December 15, 2015

ENISA issues key recommendations on protecting eHealth services and infrastructures

The potential impact of an outage in the information systems of a hospital can be extreme. The loss of service or failure of a medical device due to remote hacking (e.g. via brute force and DoS attacks) can be significant. Such cyber security incidents have greatly impacted health services delivery, risking the life and limb of patients and exposing institutions and health care systems to reputational risk. Healthcare is moving up the policy agenda, and it is often treated by the EU Member States[1] as a critical infrastructure. ENISA has engaged more than fifteen Member States and two EFTA countries in a study to identify the measures policy makers and the private sector should take to improve the security and resilience of eHealth systems. This study focuses on three broadly used, real cases, namely Electronic Health Records, national eHealth services (for example ePrescription) and Cloud Services supporting eHealth systems.

The Executive Director of ENISA, Udo Helmbrecht, commented on this report: “The complexity and interdependencies of eHealth systems have been steadily increasing. Ensuring the availability, integrity and confidentiality in eHealth is a challenging task for providers and beneficiaries. ENISA seeks to co-operate with all stakeholders to enhance the security and privacy of all eHealth infrastructures and services.”

The report recommends, inter alia, that:

  • National cyber security authorities should identify critical eHealth assets and carry out risk assessments with a view to mitigating risks.
  • Policy makers should introduce baseline cyber security guidelines for eHealth infrastructures and services.
  • eHealth operators, along with public sector actors, should set up an information sharing mechanism to exchange good practices and expertise on threats and vulnerabilities.

These findings were validated by numerous experts from the public and private sectors in an open workshop[2] organised together with the European Commission on 30 October 2015.

New technologies, such as cloud computing, smart devices and the Internet of Things, already provide the innovation drive eHealth needs. As cyber security challenges grow alongside services in 2016, ENISA will focus on the adoption of Cloud computing by healthcare providers and carry out an analysis regarding Smart Hospitals.

For full report: Security and Resilience in eHealth Infrastructures and Services

For technical information: Dimitra Liveri, NIS expert, [email protected]

For interviews and press enquiries please contact [email protected], Tel. +30 2814 409576


