• With this initiative, the cybersecurity company aims to develop and provide advanced solutions for the Health sector, mainly focused on the protection of information and medical devices (IoMT), third party risk management and the secure application of Artificial Intelligence; all to ensure business continuity in these environments.

 

Madrid, 17 January 2024. - SIA, Indra's leading cybersecurity company, has launched a Cybersecurity Centre of Excellence specialising in the healthcare sector with the aim of developing and providing advanced solutions adapted to the specific security needs of these environments. Focused on both the public and private sectors, it will respond to the main cybersecurity challenges of such a critical sector, where the adequate protection of patient information, medical infrastructures and devices, and operations can even save lives.

 

With an international focus and located at its headquarters in Alcobendas (Madrid), its technical team is made up of SIA cybersecurity experts specialised in this field, and also has the collaboration and sector and healthcare management knowledge of Minsait, Indra's digital transformation company. In addition, SIA adds to this commitment the support of its network of technology partners that have products and solutions to respond to current and future threats in healthcare environments. In order to make even more determined progress in its activity, it is working in parallel to incorporate entities and organisations dedicated to research and innovation in this field into the project through collaboration agreements in specific areas.

 

Roberto Espina, CEO of SIA, maintains that "the project carried out by this Centre is relevant for organisations in the field of healthcare and society in general. This is a very vulnerable sector that is constantly targeted by cybercriminals due to the volume of sensitive data it handles. According to a recent report by ENISA (the European Union Agency for Cybersecurity), cyber-attacks in this sector doubled in the first quarter of 2023 compared to the same period in 2021 and 2022, with not only hospitals but also service providers being targeted.

 

The Centre of Excellence will project its activity in several lines of action, mainly in the protection of information and medical devices (IoMT), the management of third-party risks, and the application of Artificial Intelligence contemplating its benefits and the risks involved, to ensure the continuity of activity in these environments, "since the unavailability of technologies and equipment can pose a serious threat to the provision of service and adequate and quality care to patients and citizens", as Roberto Espina assures.

 

Specifically, IoMT (internet of medical things) refers to medical devices connected to IT systems via the internet and/or to each other (e.g. large diagnostic machines or life-support monitoring devices); these allow healthcare professionals to improve and streamline patient care by being able to access information instantly and monitor patients remotely. However, in the face of these advantages, there are also challenges that need to be addressed: ensuring that all this sensitive information is stored securely and increasing the attack surface, with the growing deployment of obsolete, poorly visible and protected IoT devices, multiple manufacturers and protocols, and inadequate segmentation of the IT and OT networks to which they are connected.

 

On the other hand, helping hospitals and healthcare centres to prevent and manage risks to third parties is another objective of the SIA project. The management of cybersecurity by healthcare organisations must also include the control of the suppliers that collaborate with them. "Third parties must also form part of the protection and monitoring strategy, establishing specific processes and controls; cybersecurity risks in third parties are risks of their own," adds Espina.

 

Also, the future of healthcare involves the incorporation of AI into its systems and processes to move towards a more preventive, participatory, personalised and predictive medicine; it will contribute to improving the quality of care, obtaining more accurate and faster diagnoses, reducing investigation times and the workload of its professionals. However, its application is not risk-free, with numerous threats, especially in the legal sphere, when accessing and using patient health data, which requires solid legal and regulatory frameworks to safeguard the privacy, security and integrity of the data. Of particular importance in this regard is the recent approval by the EU of the world's first AI law to limit the risks it may present.

 

All these lines of work seek to continue to advance innovation and further develop the most appropriate and effective cybersecurity solutions for the challenges and needs of the healthcare sector. With this initiative, SIA also aims to consolidate its position as a strategic partner in cybersecurity for these organisations.

 

The launch of this Centre of Excellence reinforces SIA's commitment to protecting the healthcare sector; Indra's company already had an extensive presence in public and private healthcare organisations with projects of strategic value for governing and managing risk, for the prevention, detection and response to cyber-incidents with a global vision and capacity for local action, or with solutions for Identity Governance and Digital Signature, being responsible for the systems for accessing medical records and issuing electronic prescriptions in the majority of regional governments using cloud-based signatures.