The document, titled “Cybersecurity and privacy maturity assessment and strengthening for digital health information systems”, provides a framework to help countries and organizations develop risk assessment strategies that align with their specific needs, goals and regulatory requirements.
The need for cyber resilience
The rapid development and adoption of telemedicine, electronic health records and other digital solutions in recent years is improving service delivery and availability, but it has also exposed the health-care sector to cybersecurity risks.
The health-care sector is one of the most targeted by cyberattacks. The European Commission counted over 300 cybersecurity incidents in 2023 – more than in any other critical sector in the European Union (EU). These breaches can result in significant financial losses, compromise patient privacy, disrupt health-care services, delay treatments and even endanger the lives of patients.
Dr Hans Henri P. Kluge, WHO regional director for Europe, emphasized the geopolitical implications of cybersecurity threats.
“Cybersecurity in health care is not just a technical issue but also a matter of national security. We have seen how cyberattacks on hospitals and public health systems can compromise access to and delivery of vital health services and be used to target the most vulnerable people in times of crisis.” He added: “Our new cybersecurity guidance provides a tool for countries to step up their defences and ensure that health systems remain ready for and resilient against evolving threats.”
Dr Natasha Azzopardi-Muscat, director of country health policies and systems at WHO/Europe, underscored:
“Every patient deserves to know that their most sensitive health data is safe. Cybersecurity is about trust: trust in health systems, trust in digital innovation and trust that no one’s care will be disrupted by a cyberattack. This guide is an important step in supporting governments and health partners in ensuring that safety and security are at the core of digital health.”
A proactive approach
The increasing interconnectivity of health-care systems necessitates a proactive approach to cybersecurity. WHO/Europe’s guidance is available as a WHO report and as a spreadsheet. It outlines a security and privacy maturity assessment methodology for digital health systems, addressing three critical aspects:
- Accessibility – This means ensuring that digital health systems are reliable, scalable, and available for patients and providers when needed. Accessibility supports continuous care and enables timely medical interventions.
- Privacy – This entails focusing on protecting personal and medical information to maintain confidentiality and trust. Privacy is achieved by implementing measures such as data encryption, anonymization and secure data-sharing protocols in line with the General Data Protection Regulation (an EU regulation on information privacy in the EU and the European Economic Area) and other relevant privacy laws.
- Governance – This involves establishing a strong framework to oversee data quality, patient safety, treatment efficacy, regulatory compliance and ongoing risk management. Effective governance ensures accountability, transparency and continuous improvement of digital health systems.
The regional digital health Action Plan for the WHO European region, published in 2022, aims to ensure the security and privacy of health data with a focus on awareness and privacy-enhancing technologies.
The post WHO/Europe launches guide to strengthen cybersecurity in digital health appeared first on Caribbean News Global.
