The Digital Health and Innovation Cluster (DHI Cluster) launched the first of its thought-leadership series, DHI TO(al)K, on October 25th, focusing on a topic at the heart of today’s digital transformation — “Information Security in the Healthcare Sector.” Presented by Mnemonica JSC, this event brought critical insights into the pressing issues of cybersecurity within healthcare.
The event’s agenda revealed surprising security lapses in the healthcare sector across the EU and Bulgaria. A significant number of healthcare organizations, about 40%, are without essential security awareness programs for their staff. Alarmingly, 95% fail to conduct risk assessments, and nearly half have never undertaken a risk analysis. The lack of process continuity plans was especially troubling given that most reported incidents affect critical providers like hospitals and the pharmaceutical industry.
Highlighting the European regulatory framework, the spotlight turned to the NIS2 Directive, which mandates a high common level of cybersecurity across the Union. Diana Hadzhieva, the Information Security and Cybersecurity Auditor at Mnemonica JSC, emphasized two articles of the directive: one detailing cybersecurity risk management measures, the other setting out incident reporting obligations. She pointed out significant fines for non-compliance, with penalties of up to EUR 10,000,000 or 2% of annual global turnover, whichever is higher, effective from October 18, 2024. Additionally, the directive calls for CEOs to take personal responsibility for breaches, accentuating the weight of cybersecurity in corporate accountability.
In response to these eye-opening insights, Mnemonica JSC outlined a roadmap highlighting the proactive steps companies and organizations in the healthcare sector need to take. This strategic approach is aimed at ensuring compliance and fostering a culture of cybersecurity resilience.
Mnemonica JSC singled out three core messages it wanted attendees to take away with them.
1. Standards and regulations are not meant to inconvenience but to fortify security within organizations, steering clear of punitive fines.
2. It’s essential for businesses to determine their classification under NIS2 and understand the requisite technical and organizational measures for compliance.
3. One of NIS2’s primary goals is to enhance the cyber culture within organizations, which is fundamental in guarding against the evolving landscape of cyber threats.
Vihren Slavchev, Mnemonica’s CEO, then took the stage to emphasize the urgency for proactive implementation of the new regulations. He warned of the increasingly sophisticated cyber-attacks, not carried out by individuals but by well-structured organizations with their own hierarchies and objectives. “We have no choice,” Slavchev stated, reinforcing the necessity of preparedness.
Echoing Slavchev’s sentiments, Mira Ganova, CEO of the Cluster, reminded the audience that proactive thinking is key to prevention and protection, whereas reactive measures come into play only after a breach has occurred. Her statement reinforced the event’s overarching message: proactivity in cybersecurity is not just a strategy but an imperative.
The DHI TO(al)K series has successfully commenced, marking the beginning of a series of insightful events designed to prepare and educate the healthcare sector for the digital challenges ahead. This event has set the tone for future sessions, emphasizing readiness and compliance with cybersecurity regulations.