The report “Threats and risk management in the health sector – Under the NIS Directive” shines a light on the different cybersecurity threats targeting the health sector of the European Union in times of ever-growing interconnections between traditional health care services and internet-connected networks and information systems.
Starting with the analysis of the cyber threat landscape and the most relevant threat taxonomies and cyber incident data, this report highlights the main current and emerging cyber threats which the European health sector is likely to be confronted with. In this sense, the report also presents a set of business continuity and mitigation recommendations to limit the likelihood and impacts of a cyber-related incident.
Finally, the present document provides an analysis of the results of a questionnaire that was disseminated by Member States to Operators of Essential Services and that focused inter alia on the cybersecurity and risk management culture, cybersecurity awareness, cybersecurity measures currently in place and the cyber threat perceptions of institutions of the European healthcare sector.
In conclusion, this report, “Threats and risk management in the health sector – Under the NIS Directive”, aims to enhance the awareness of the European health sector with regard to the cyber threats it faces and to enhance the general cybersecurity posture of institutions that are part of the European health sector.