Cyber Threats in Hospitals: GDPR and NIS2 Regulations in Preventing USB Injections

Abstract

Cybersecurity is crucial in healthcare due to the escalating use of digital technologies and the rise in cyber-attack risks. This research demonstrates the necessity for robust strategies to safeguard physical and digital infrastructures, ensuring the security of patient data and healthcare services. Healthcare providers can protect themselves from the prevalent cyber-attack risks by establishing robust security measures, protocols, and actions. The study aims to demonstrate the importance of aligning cybersecurity measures with the stringent regulatory demands of the General Data Protection Regulation (GDPR) and the Network and Information Systems Directive (NIS2). The security, privacy, and integrity of patient data within systems require a commitment to technical enhancements and procedural changes. Adhering to these regulations is not just obligatory, but also advantageous, as a secure information environment bolsters patients' confidence in the healthcare system. However, it is not easy to achieve a healthcare environment that is completely safe and compliant due to many challenges. Numerous challenges exist, such as enforcing uniform security measures across disparate systems and integrating new security technologies into legacy environments.

The rising use of USB devices by healthcare staff has made hospital work areas more accessible to non-employees, including patients, their families, and students at university hospitals. Staff members may not fully comprehend the risks associated with using USB devices for exchanging clinical information. A virus infection in a portable USB device connected to Point of Care Testing (POCT) equipment can result in a partial denial of service. Navigating the complicated regulatory requirements adds to the complexity of this vital task. Although there are many obstacles, the proposed strategies provide a clear path to move forward. Organisations can fortify themselves against rising cyber threats by fostering a culture of continuous improvement and dedication, investing in the modernisation of outdated systems, and placing cybersecurity at the forefront of healthcare service delivery. This proactive approach is about safeguarding the core of healthcare, which is the health and safety of patients. The research question is: What vulnerabilities do USB devices introduce into healthcare systems, and how do they conflict with GDPR and NIS2 standards?