Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
EU: ENISA publishes cybersecurity procurement guidelines for hospitals
The European Union Agency for Cybersecurity ('ENISA') announced, on 24 February 2020, that it had published guidelines ('the Guidelines') on cybersecurity in the context of procurement of services, products, and infrastructure by hospitals. In particular, ENISA highlighted that given the high sensitivity of medical data and the potential vulnerability of the healthcare sector, cybersecurity mechanisms should be implemented in every step to safeguard patient data privacy and the resilience of healthcare services. In addition, the Guidelines, identify the types of procurement and the corresponding assets relevant to hospitals' cybersecurity infrastructure, and outline the possible threats, risks and challenges related to procurement in hospital organisations.
Moreover, the Guidelines propose a set of good practices to meet relevant cybersecurity objectives, including the importance of encrypting sensitive personal data, which is part of the special categories of data defined in Article 9 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').
You can read the press release here and download the Guidelines here.