The healthcare sector in Romania is one of the sectors with the lowest maturity in terms of cybersecurity and digital transformation, the general director of the National Cybersecurity Directorate (DNSC), Dan Cimpean, said on Wednesday at the closing conference of the "Romanian Cyber Care Health" (RO-CCH) project.
"The healthcare sector, in terms of cybersecurity and from the point of view of the regulations that we have in Romania, is one of the very important sectors. In the healthcare sector, according to the NIS 2 Directive, transposed into Romanian legislation, we have important and essential entities. What we can observe not only in Romania, but also the equivalent agencies of the directorates at the level of the European Union, is that, unfortunately, the healthcare sector is one of the sectors with the lowest maturity in terms of cybersecurity and digital transformation, which creates a lot of problems, because it is very difficult to raise a level of maturity in an accelerated and fast way. On the other hand, in the cybersecurity area, difficult and very, very worrying things are happening. It is to be expected that once the situation between Russia and Ukraine calms down, in one form or another, even if there is a temporary truce, even if there is a sustainable and long-lasting peace, operations in virtual space will not cease. That is, the missiles and bombs and all that will stop, but cyber operations will continue business as usual. A lot of resources that are now being spent on bombs, missiles, tanks and will be allocated very easily in cyberspace. We know very well that there are no borders, everything is just a click away," said Cimpean.
In his opinion, both Ukraine and Russia have extremely numerous teams of cybersecurity experts, paid by governments.
"My estimate, and I speak for myself, not on behalf of the directorate, is that in Ukraine there are somewhere around 45,000 - 48,000 government cyber experts, at the moment, that is, on the Government's payroll, who carry out direct operations against Russia. Russia, probably, has somewhere the same number... So, paid by the government. When the peace agreement is made, some of them will be left without jobs, but they are people with experience, with infrastructures at their disposal, with tactics, techniques, well-run attack protocols, which they have practiced against the others and will start looking for victims in the rest of the European Union, elsewhere on the planet. Obviously, it would be very naive to think that if we do not act or do not take some measures, no matter what they will be, we will be protected. A cyber incident can happen to anyone, anytime, anywhere. My question is when it happens, not if it happens. Any organisation is vulnerable. The only system that is not vulnerable is the one that is unplugged, which does not work. We, Romania, are a completely atypical country. We have registered, with my colleagues from the regulation, I think somewhere around 700 more or less regulated hospitals. All these must have a contact person, report incidents, implement a series of technical and non-technical measures and so on."
On Wednesday, DNSC organised the closing conference of the "Romanian Cyber Care Health" (RO-CCH) project, an event dedicated to the presentation of the results and the exchange of good practices in the field of cybersecurity for the healthcare sector.
According to data published on the directorate's website, the total value of the project is EUR 578,870, of which EUR 289,435 is non-repayable financial assistance.
"The general objective of the project is to reduce cybersecurity risks and raise awareness, in order to increase patient safety and trust in the healthcare system in Romania. The project will promote the exchange of best practices among the cybersecurity and healthcare communities, in order to raise awareness about cybersecurity threats and vulnerabilities, as well as the exchange of tools, methods, organisational and management practices, with the overall goal of defining collaborative interdisciplinary schemes customised to this environment. Interested parties in the healthcare system will thus be able to define the bases of cybersecurity skills applicable in the healthcare sector throughout the European Union," says DNSC.
Comentează