New strategy to protect the Danish healthcare sector against hackers

03-05-2019

With a new strategy for cyber and information security, the Ministry of Health, Danish Regions, and Local Government Denmark have set a common direction to further enhance the protection of citizens against hackers.

Most patient records are digital, an increasing number of health apps make life easier for citizens, and healthcare professionals are continuously given better options for monitoring patients digitally.

The pace of the development of the digital Danish healthcare service is high, and the Danish healthcare service is already one of the most digitised healthcare services in the world. However, as the digital interconnectivity increases, threats from, for example, hackers increase as well, and with that the collective vulnerability of the healthcare services.

Minister for Health Ellen Trane Nørby says:

A threat against our healthcare service is a threat against the patients. We need to take this very seriously – and therefore we have presented a strategy on how to strengthen the healthcare sector’s defence against these threats. We saw what happened in the United Kingdom when hackers disrupted the IT systems of many hospitals to the detriment of patient safety. We will not let this happen in Denmark – and in the event of an incident, we need to manage it quickly and effectively.

Last summer the government concluded that the healthcare sector is one of six critical sectors in Denmark when it comes to a potential cyberattack. To meet this threat it was agreed that the parties within the healthcare sector should elaborate a specific strategy for the cyber and information security effort in the healthcare sector.

Danish Regions: Citizens should be able to feel safe

The parties within the healthcare sector have produced this strategy together and it has been discussed in the Political Cyber Forum for the healthcare sector – a partnership between the Ministry of Health, Danish Regions, and Local Government Denmark.

The parties have decided that the healthcare sector with this strategy should work together to further strengthen the collective capacity to predict, prevent, detect, and respond to security breaches and actual hacker attacks. In the end, it is about maintaining citizen trust in the safety and security of their treatment, care, and health data.

Stephanie Lose, Chair of Danish Regions, says:

Digital solutions and exchange of data is a prerequisite for the development of a flexible and coherent healthcare service. The regions have always taken the responsibility for handling the personal information of citizens very seriously. Citizens should feel safe, and all parts of the sector should be secure. The threats will not diminish. Therefore I am happy that we with this strategy now join forces to enhance security across the sector, so the individual citizen can feel safe when it comes to his or her health data.

Local Government Denmark: Security begins with the staff

The healthcare sector has several hundred thousand employees with very different preconditions for dealing with cyber and information security as part of their everyday work.

Consequently, it is an important focus area in the strategy that all staff in the healthcare sector receive education in secure use of digital healthcare and are trained in awareness of phishing mails and other risks.

Jette Skive says:

Luckily, we have left the era of paper journals behind. This means that citizens can have quick access to their own records. For healthcare professionals this also means that they can learn about the citizens’ illnesses, so that treatment and prevention work smoothly. However, there is also a downside to this; that is, the risk of sabotage or theft. As a citizen, you should be able to trust that your personal data is not mismanaged or suddenly disappears. This is why we also focus on the security culture in the workplace, in order to ensure o that the employees know how to act in the digital daily life and how to respond in the event of a breach of security.

FACTS about the level of threats in Denmark

The strategy is based on assessments of the threats, vulnerabilities, and risks in the healthcare sector. Based on international experiences, the Danish Centre forCyber Security assesses that the threat against the healthcare sector is “very high”.

The healthcare sector’s own risk assessment also points out a number of vulnerabilities that it is particularly important to address. This include medico-technical equipment, supplier management, the mutual dependencies of the actors within healthcare sector, and the cyber and information security expertise of the employees in the sector.

The strategy is the beginning of a common journey, but the ultimate goal is not defined by the strategy alone. This journey requires that all parties within the healthcare sector are working closely together to continuously prioritise activities and agree on the funding of these.

Læs publikationen: A strengthened collective cyber and information security effort

You can also read more on the website of the Danish Health Data Authority, which has also played a part in the development of the strategy.