Digitalization, IT support for healthcare services, and the implementation of the latest technological solutions from various scientific disciplines in medicine bring many advantages, including faster access to medical data, more efficient diagnosis and treatment, and the creation of conditions for personalized healthcare services and therapies. However, these advantages come with increased vulnerability to cyber attacks. Cybersecurity in healthcare, as the most complex system, becomes a crucial factor for protecting sensitive information, software applications, hardware, and ensuring the continuity of healthcare services in both offline and online modes.
One of the most striking examples of the importance of cybersecurity in healthcare is the case from Germany in 2020. The University Clinic Düsseldorf became a victim of a ransomware attack that severely disrupted its IT systems. This incident had tragic consequences – due to non-functional systems, a patient who was urgently transported to the hospital could not be adequately treated and died after being redirected to another hospital. This case highlights the extreme importance of cybersecurity in the healthcare sector. Healthcare institutions must implement protective measures to ensure the integrity and availability of their systems and data, thereby protecting the lives of their patients.
DDoS attacks overload hospital networks and servers, making them inaccessible, which can impede access to vital information and systems, critical in emergency situations or online healthcare provision modes such as telemedicine services.
Healthcare workers often receive a large number of emails, increasing the likelihood of successful phishing attacks. Additionally, current or former employees with access to sensitive data can inadvertently or intentionally cause security incidents. For example, in 2015, Anthem Inc., one of the largest health insurance companies in the USA, suffered a major cyber attack in which 78.8 million patient records were stolen.
Cybersecurity in healthcare is not just a matter of data protection; it directly affects patient safety and lives. Healthcare institutions must invest in modern protection technologies, continuous employee education, and developing strategies for quick response to cyber attacks. This way, it is possible to minimize risks and ensure that the healthcare sector can reliably and securely provide necessary services to patients.
Patient Safety: The integrity of healthcare data is crucial for accurate diagnosis and treatment. Manipulation or deletion of medical information can lead to incorrect treatments and endanger patient lives.
Protection of Sensitive Patient Data: Patient healthcare data includes personal information, medical histories, lab results, and other sensitive information. Theft or loss of this data can lead to severe consequences for patient privacy.
Business Continuity: Cyber attacks such as ransomware can paralyze healthcare institutions, preventing access to critical information and jeopardizing or blocking healthcare services.
Regulatory Requirements: The healthcare sector is subject to strict regulatory requirements regarding data protection (e.g., GDPR in the EU, HIPAA in the USA). Non-compliance with these regulations can result in hefty fines and legal consequences. In Montenegro, data protection is regulated at the national level by a set of laws, including the Personal Data Protection Act (Official Gazette of Montenegro, Nos. 079/08, 070/09, 044/12, 022/17), the Electronic Identification and Electronic Signature Act (Official Gazette of Montenegro, No. 31/2017), the Electronic Document Act (Official Gazette of Montenegro, Nos. 005/08, 040/11), the Information Security Act (Official Gazette of Montenegro, Nos. 014/10, 040/16), the Regulation on Information Security Measures (Official Gazette of Montenegro, Nos. 058/10 of 08.10.2010, 055/15 of 30.09.2015), while the Patients’ Rights Act (2010) (Official Gazette of Montenegro, No. 40/2010) specifically covers patients’ rights.
