Cybercrime and its impact on digital health services

On 10 May, the territorial delegation of the Official Association of Nurses of Barcelona (COIB) in Osona held a conference with the University of Vic – Central University of Catalonia: Technological innovation for nursing care. The event held at the Faculty of Health and Welfare Sciences in Vic involved the collaboration of the association Osona against cancer.

Oriol Castaño, a cybersecurity expert at the Office of the Data Protection Officer (ODPD) at the TIC Salut Social Foundation, was able to set out his view of the issues of cybercrime and digital health. Castaño commented that “We consider any malicious action carried out by individuals or groups of individuals through computer networks to be a cyberattack. This may be done to gain unauthorised access, cause damage, steal sensitive information or disrupt the normal operation of computer systems.”

The main categories of cyberthreats against health care organisations tend to be phishing, malware (ransomware) or leaks of personal and research data through eHealth services. Castaño added that “today, cybercrime makes more money than arms and drug trafficking combined.”

The ODPD offers a support service to manage protocols in response to potential cyberattacks affecting patients’ personal data. Remember that security breaches that affect personal data must be reported to both those affected and the competent data protection authority (APDCAT). 

Cybercrime and the impact on citizen care

A cyberattack can compromise the confidentiality, integrity and availability of patient health data and other special personal data protected by the GDPR. This has an impact on citizens’ rights and freedoms.

Every device connected to the internet is susceptible to a targeted attack. Medical devices can be tampered with to manipulate the results recorded. A cyberattack can also compromise professionals’ data, shut down the services provided or cause financial losses.

At the conference organised by the COIB, the various speakers confirmed the existence of greater awareness among health organisations and an improvement in training on cybersecurity. Organisations are investing more resources to mitigate the impact and likelihood of risks associated with threats. Castaño concluded that “it is necessary to have a cybersecurity strategy aligned with the health system’s objectives to reduce risks and optimise resources”.

  • Cybercrime makes more money than arms and drug trafficking combined.