
Irish Information Security Forum

WHO Europe has launched Cyber Guide for Health sector

News release:  26 March 2025
Source: who.int

 

The World Health Organization's European Region (WHO/Europe) has launched a guide entitled “Cybersecurity and privacy maturity assessment and strengthening for digital health information systems” to address rising cyber threats in the health sector.

 

This framework aims to help the 53 Member States in Europe and Central Asia develop tailored risk assessment strategies, ensuring robust defenses for their digital health systems. With the increasing use of telemedicine and electronic health records, the guide emphasizes the importance of accessibility, privacy, and governance to maintain trust and ensure continuous and secure healthcare services. It also aligns with the Regional Digital Health Action Plan, focusing on protecting health data and fostering cyber resilience.

 

The health-care sector is one of the most targeted by cyberattacks. The European Commission counted over 300 cybersecurity incidents in 2023 – more than in any other critical sector in the European Union (EU). These breaches can result in significant financial losses, compromise patient privacy, disrupt health-care services, delay treatments and even endanger the lives of patients.

 

Dr Hans Henri P. Kluge, WHO Regional Director for Europe, emphasized the geopolitical implications of cybersecurity threats. “Cybersecurity in health care is not just a technical issue but also a matter of national security. We have seen how cyberattacks on hospitals and public health systems can compromise access to and delivery of vital health services and be used to target the most vulnerable people in times of crisis.”

He added, “Our new cybersecurity guidance provides a tool for countries to step up their defences and ensure that health systems remain ready for and resilient against evolving threats.”

 

The increasing interconnectivity of health-care systems necessitates a proactive approach to cybersecurity. WHO/Europe’s guidance is available as a WHO report and as a spreadsheet. It outlines a security and privacy maturity assessment methodology for digital health systems, addressing 3 critical aspects:

 

  • Accessibility – This means ensuring that digital health systems are reliable, scalable, and available for patients and providers when needed. Accessibility supports continuous care and enables timely medical interventions.
  • Privacy – This entails focusing on protecting personal and medical information to maintain confidentiality and trust. Privacy is achieved by implementing measures such as data encryption, anonymization and secure data-sharing protocols in line with the General Data Protection Regulation (an EU regulation on information privacy in the EU and the European Economic Area) and other relevant privacy laws.
  • Governance – This involves establishing a strong framework to oversee data quality, patient safety, treatment efficacy, regulatory compliance and ongoing risk management. Effective governance ensures accountability, transparency and continuous improvement of digital health systems.

 

Download Report

Cybersecurity and privacy maturity assessment and strengthening for digital health information systems

 

 


 

Cybersecurity and privacy maturity assessment and strengthening for digital health information systems: web annex: assessment instrument

 

Overview

This document serves as an assessment instrument designed to evaluate the security and privacy measures of digital health information systems (d-HIS). It provides a comprehensive framework for information security management, cybersecurity, and privacy protection.

 

The cybersecurity assessment is guided by a questionnaire/checklist (Assessment questionnaire), which forms the basis of the evaluation. This checklist can be adapted to meet the specific needs, levels, and preferences of the assessment. The tool offers an overview of the security status of the entire d-HIS, including a set of standardized questions to gather information about the current settings. This helps assess whether the privacy, confidentiality, and security standards of the d-HIS are in place and if the systems are protected throughout service delivery and data management.

 

The assessment results can be summarized by reflecting the maturity of the cybersecurity status in the given settings using the maturity scoring instrument (Summary scoring sheet). The maturity scoring instrument includes six key areas of security: governance and policy, data management life cycle, transmission security, data disposal, monitoring, and user behavior. This information could be used to develop recommendations for improving the d-HIS security and privacy posture in the short, medium, and long term for the given settings.

 

Download Spreadsheet

Cybersecurity and privacy maturity assessment and strengthening for digital health information systems
