SU-TDS-03-2018 - Raising awareness and developing training schemes on cybersecurity in hospitals
ICT infrastructures and data have become critical for the functioning of hospitals and care systems. Due to increasing connectivity, the exposure to risks of cyber-crime is constantly increasing. Cyber-attacks are a potential danger to the safety of patients and to the privacy of sensitive health data. Some cybersecurity threats are caused by human errors or ignorance.
Awareness raising of staff working in healthcare settings on security and data privacy is important to reduce cybersecurity vulnerabilities and exposure.
Training of IT staff working in healthcare settings is of high priority in order to enforce the knowledge on information security processes and data protection procedures. This may include proactive managerial and technological strategies to reduce vulnerabilities, e.g. best practices to minimize the potential for becoming a victim of phishing and ransomware or strategies to respond to attacks,…. Appropriate training on the permitted use of patient health data/information according to the requirements of relevant data protection law(s) is also a priority.
The Commission considers that proposals requesting a contribution from the EU of up to EUR 1 million would allow this specific challenge to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.
Proposals under this topic may be subject to security scrutiny if they could potentially lead to security-sensitive results that should be classified (see guide for classification).
The proposal should provide appropriate indicators to measure its progress and specific impact in the following areas:
- Fewer human errors causing cybersecurity threats;
- Less risk of data privacy breaches;
- Reduced cybersecurity vulnerability of Health and Care services, data and infrastructures;
- Increased patient trust and safety.