The healthcare sector is undergoing digitalization and adopting new technologies to improve patient care, offer new services for remote patients and reach operational excellence. The integration of new technologies in the complex healthcare IT infrastructure creates new challenges regarding data protection and cybersecurity.

On the one hand, the COVID-19 pandemic has been a driver for increased cyber-attacks on healthcare organizations, including phishing attacks that aim to collect user credentials as well as ransomware attacks that seek to encrypt the data of hospitals.

On the other hand, the pandemic has helped to stress the need for remote healthcare services. Cloud platforms have provided the elasticity and fast access required for the deployment of these services. Organizations subsequently deployed cloud solutions to cover ERP systems along with health information systems like electronic health records, data analytics, medical devices and telemedicine.

To help IT professionals in healthcare security to establish and maintain cloud security while selecting and deploying appropriate technical and organizational measures, ENISA issued a study that aims to provide cloud security practices for the healthcare sector.

Legislative background

According to the European Union NIS Directive, hospitals are defined as Operators of Essential Services (OES), while cloud providers are Digital Service Providers (DSP). Therefore, both hospitals and cloud vendors must comply with the NIS Directive security requirements when contracting ..