Cybersecurity enhancement in the field of eHealth system development in Ukraine
DOI:
https://doi.org/10.26641/2307-0404.2024.4.319402Keywords:
confidential information, cyberattacks, cybersecurity, eHealth system, European legal sourcesAbstract
Today, more than ever, cybersecurity issues are crucial in all industries and sectors, yet healthcare remains the most vulnerable. This work aims to analyze the state of cybersecurity in the most successful European countries and to outline the main steps for strengthening cybersecurity in Ukraine's electronic healthcare system. A review of literature on electronic healthcare and cybersecurity in Europe and Ukraine was conducted using Web of Science, SCOPUS, Google Scholar, and legislative databases from each of the analyzed European countries, covering a total of 49 sources from 2020 to 2024. The search was conducted using scientific terms such as “eHealth system”, “cyberattack”, “cybersecurity”, “medical information systems”, “EU4 Health”, “electronic healthcare”, “digital healthcare services”, “Ministry of Health”, “confidential information”, “legislative framework”. A total of 83 sources were initially selected and reviewed. After systematizing the gathered information, 55 of the most relevant sources were retained. Exclusion criteria included publications that did not align with the purpose of this review. The methods used included bibliographic, analytical, and forecasting. The analytical method was applied to compare Ukraine’s approach to ensuring cybersecurity in electronic healthcare with those of countries such as Estonia, Germany, France, and the United Kingdom, allowing the identification of key differences and potential improvements for Ukraine's system. Additionally, the forecasting method was used to assess future initiatives and plans in eHealth cybersecurity that should be implemented to further develop Ukraine’s protective systems. First, a clear concept of “cybersecurity of electronic healthcare” was formulated, identifying its key components. Second, the establishment of a regulatory framework was proposed to detail the aspects of cybersecurity in electronic healthcare, including guidelines and methods for supporting and improving protection systems in medical institutions. It is recommended to incorporate these provisions into the laws “On Cybersecurity” and “Fundamentals of Ukrainian Legislation on Healthcare” to enhance the effectiveness of cybersecurity measures in healthcare. Thirdly, we analyze the effectiveness of the most common cybersecurity tools and provide recommendations for their use in Ukraine: introducing regular backups for all medical systems, setting up firewalls, centralized IDS/IPS systems, mandatory data encryption, enhanced VPN authentication, automated threat monitoring systems, and engaging experts to ensure comprehensive cybersecurity of medical institutions. This will help to preserve significant amounts of confidential information and ensure the possibility of recovering lost data. The need to adapt the best European practices to the special conditions in Ukraine to work confidently in the face of potential and real threats was emphasized, which will allow timely response to new challenges and ensure cybersecurity.
References
Muzyka-Stefanchuk OA, Otradnova OO, Danchenko TV, Muzyka LA, Savenkova VH. Public administrative services in health care. Zaporozhye Medical Journal. 2020;22(2):261-6. doi: https://doi.org/10.14739/2310-1210.2020.2.200634
Venediktova A. Public services in the medical sphere. Medical Law [Internet]. 2009 [cited 2024 Oct 03];3:7-14. Available from: http://medicallaw.org.ua/fileadmin/user_upload/pdf/3_-_1_-_Venediktova.PDF
Shevchuk I. Aspects of legalregulation of the pro-vision of medical services. Amazonia Investiga. 2020;9(27):357-66. doi: https://doi.org/10.34069/AI/2020.27.03.39
Velikanov A. [The content of public electronic services in the field of health care]. Entrepreneurship, Economy and Law. 2020 Dec;12:137-42. Ukrainian. doi: https://doi.org/10.32849/2663-5313/2020.12.23
[Fundamentals of the Legislation of Ukraine on Healthcare. Law of Ukraine N 2801-XII 1992 Nov 19]. [Internet]. 1992 [cited 2024 Oct 03]. Ukrainian. Available from: https://zakon.rada.gov.ua/laws/show/2801-12#Text
[What is electronic health care?]. Department of health protection of Ternopil region administration [Internet]. [cited 2024 Jan 18]. Ukrainian. Available from: https://uozter.gov.ua/ua/681-reestr-zakladiv-oblasti-e-servisi
EU4Health Program 2021-2027 – a Vision for a Healthier European Union. n.d. Public Health [Internet]. 2021 [cited 2024 Jan 26]. Available from: https://health.ec.europa.eu/funding/eu4health-programme-2021-2027-vision-healthier-european-union_en
The Seventy-second session of the European Regional Committee: Tel Aviv, 12-14 September 2022: Regional action plan in the field of digital health for the WHO European Region 2023-2030. Globethics [Internet]. 2022 Jul 28 [cited 2024 Jan 18]. Available from: https://repository.globethics.net/handle/20.500.12424/4184161?locale-attribute=en
Global strategy on digital health 2020-2025. Geneva: World Health Organization; 2021.
Ustinov N. [Electronic health care system open for registration of doctors and patients]. Ukrainian medical journal Chasopys [Internet]. 2017 Sep 21 [cited 2024 Jan 24]. Ukrainian. Available from: https://www.umj.com.ua/article/114387/elektronna-sistema-ohoroni-zdorov-ya-vidkrita-dlya-reyestratsiyi-likariv-i-patsiyentiv
[The first medical institutions joined the pilot of the eHealth system. 2017. Ministry of Health of Ukraine]. [Internet]. 2017 Jun 20 [cited 2024 Jan 24]. Ukrainian. Available from: https://web.archive.org/web/20210910003045/https://moz.gov.ua/article/news/pershi-medichni-zakladi-doluchilisja-do-pilotu-systems-ehealth
[The project office handed over the eHealth system to the Ministry of Health. 2018. Ministry of Health of Ukraine]. [Internet]. 2018 Jun 6 [cited 2024 Jan 24]. Ukrainian. Available from: https://web.archive.org/web/20180305062948/https://www.ehealth-ukraine.org/news/proektnij-ofis-peredav-moz-sistemu-ehealth-58
Electronic health: what does the eHealth system in Ukraine consist of. Ukrainian Medical Journal [Internet]. 2018 Oct 18 [cited 2024 Jan 26]. Available from: https://umj.com.ua/uk/novyna-131430-elektonne-zdorov-ya-z-chogo-skladayetsya-sistema-ehealth-v-ukrayini
[Hospitals can now register in the electronic health care system]. ukrinform.ua [Internet]. 2020 Aug 8 [cited 2024 Jan 24]. Ukrainian. Available from: https://web.archive.org/web/20200808032636/https://www.ukrinform.ua/rubric-society/2810529-likarni-vze-mozut-reestruvatisa-v-elektronnij-sistemi-ohoroni-zdorova.html
Goncharova K. Deputy suprun told how the eHealth system is protected from cyber attacks. Media Sapiens [Internet]. 2019 July 31 [cited 2024 Jan 24]. Available from: https://web.archive.org/web/20190731114238/https://ms.detector.media/web/cybersecurity/zastupnik_suprun_rozpoviv_yak_sistemu_ehealth_zakhischayut_vid_kiberatak/
[Digital Med 2020: challenges and development of eHealth in Ukraine]. Pharmacy Online [Internet]. 2020 Oct 19 [cited 2024 Jan 24]. Ukrainian. Available from: https://www.apteka.ua/article/568312
[The Cabinet of Ministers approved the Concept of the development of the electronic health care system]. ukrinform.ua [Internet]. 2020 Dec 28 [cited 2024 Jan 24]. Ukrainian. Available from: https://www.ukrinform.ua/rubric-society/3162532-kab-min-zatverdiv-koncepciu-rozvitku-elektronnoi-sistemi-ohoroni-zdorova.html
[On the approval of the concept of the development of electronic health care. Order Cabinet of Ministers of Ukraine from 2020 Dec 28, No. 1671]. [Internet]. 2020 [cited 2024 Jan 24]. Ukrainian. Available from: https://zakon.rada.gov.ua/laws/show/1671-2020-%D1%80#Text
Ustinov OV. [Digitalization of health care: results of the year and plans for the future]. Ukrainian Medical Journal [Internet]. 2023 Dec 21 [cited 2024 Jan 26]. Ukrainian. Available from: https://www.umj.com.ua/uk/novyna-249615-tsifrovizatsiya-ohoroni-zdorov-ya-pidsumki-roku-ta-plani-na-future
Kütt A. Estonia and Sweden to join forces to drive innovation in Healthcare. Invest in Estonia [Internet]. 2023 [cited 2024 Jan 26]. Available from: https://investinestonia.com/estonia-and-sweden-to-join-forces-to-drive-innovation-in-healthcare
Whitehouse D, Giest S, Dumortier J, Artmann J. Country Brief: Wales. [Internet]. eHealth Strategies: European Commission; 2010 [cited 2024 Jan 26]. Availab¬le from: https://ehealth-strategies.eu/database/documents/-Wales_CountryBrief_eHStrategies.pdf
NSW government. eHealthstrategy for NSW Health 2016-2026: A digitally enabled and integrated health system delivering patient-centred health experiences and quality health outcomes. NSW Government; 2016.
The Scottish Government. Health and social care: Data strategy [Internet]. 2023 Feb 23 [cited 2024 Jan 26]. Available from: https://www.gov.scot/publications/data-strategy-health-social-care-2
[Health and Social Care Northern Ireland 2022-2030, Digital Strategy]. [Internet]. 2022 Jul 11 [cited 2024 Nov 1]. Nothern Ireland. Available from: https://www.health-ni.gov.uk/sites/default/files/publica-tions/health/doh-hscni-digital-strategy-final.pdf
Department of Health. Cyber Security Strategy. HSC Northern Ireland 2022-2026. E-book. [Internet]. 2022 [cited 2024 Nov 1]. Available from: https://niopa.qub.ac.uk/bitstream/NIOPA/15413/1/doh-cyber-strategy-2022_0.pdf
Second act to increase the security of information technology systems (IT Security Act 2.0) [Internet]. Bonn: Bundesamtes für Sicherheit in der Informationstechnik; 2021 [cited 2024 Jan 26]. German. Available from: https://www.bsi.bund.de/DE/Das-BSI/Auftrag/Gesetze-und-Verordnungen/IT-SiG/2-0/it_sig-2-0_node.html#:~:text=Der%20Bundesrat%20hat%20das%20GesetzApril%2020 2021%20verabschiedet
Kiteworks. What is GDPR? Protection of data and personal rights. Kiteworksyour private content network [Internet]. 2023 Feb 8 [cited 2024 Jan 26]. Available from: https://www.kiteworks.com/de/risiko-compliance-glossar/dsgvo/#:~:text=Die%20General%20Data%20Protection%20Regulation%20(GDPR)%20ist%20ein%20umfassendes%20Datenschutz,ihre%20pers%C3%B6nlichen%20Daten%20zu%20geben
[EHealth Expertise in France – Expertise. French Healthcare]. French Healthcare [Internet]. 2023 Sep 15 [cited 2024 Jan 26]. French. Available from: https://frenchhealthcare.fr/expertises/eHealth/
[Cross-border electronic health services]. Public Health [Internet]. 2024 Jan 9 [cited 2024 Jan 18]. French. Available from:https://health.ec.europa.eu/ehealth-digital-health-and-care/electronic-cross-border-health-services_fr
Atella V. Challenges and Opportunities for the French Health System. E-book. 31st ed. [Internet]. Fondazione Farmafactoring; 2020 [cited 2024 Jan 18]. Available from: https://www.bff.com/documents/2155734/-2177835/FarmafactoringFoundation-ResearchPapers-03_2020-FR.pdf/bb0b1d74-5e0b-9806-561b-74cfa2809a31
Collier R. NHS ransomware attack spreads worldwide. CMAJ. 2017 Jun 5;189(22):786-7. doi: https://doi.org/10.1503/cmaj.1095434
Palmer D. Ransomware: How the NHS learned the lessons of wannacry to protect hospitals from attack. ZDNET [Internet]. 2021 May 13 [cited 2024 Jan 26]. Available from: https://www.zdnet.com/article/ransomware-how-the-nhs-learned-the-lessons-of-wannacry-to-protect-hospitals-from-attack/
Smart W. Lessons learned review of the wanna-cryransomware cyber attack [Internet]. London: gov.uk; 2018 [cited 2024 Jan 26]. Available from: https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review-wannacry-ransomware-cyber-attack-cio-review.pdf
Eddy M, Perlroth N. Cyberattack suspected in German woman's death. The New York Times [Internet]. 2020 [cited 2024 Jan 26]. Available from: https://www.nytimes.com/2020/09/18/world/europe/cyber-attack-germany-ransomeware-death.html
Nath B. Woman died after a ransomware attack Encrypted hospital services. Techdator (blog) [Internet]. 2022 Dec 26 [cited 2024 Jan 26]. Available from: https://techdatoral.pages.dev/posts/woman-died-after-a-ransomware-attack-encrypted-hospital-services
Arishti Info Labs. Ransomware Attack on Irish Healthcare System – Arishti Info Labs. Medium [Internet]. 2022 March 5 [cited 2024 Feb 6]. Available from: https://arishti.medium.com/ransomware-attack-on-irish-healthcare-system-82b973b7abb4
Kerkour T. [Cyberattacks against healthcare estab¬lishments doubled in 2021]. Le Figaro [Internet]. 2022 Feb 15 [cited 2024 Feb 5]. French. Available from: https://www.lefigaro.fr/secteur/high-tech/les-cyberattaques-contre-les-etablissements-de-sante-ont-double-en-2021-20220215
Afp, Le Parisien Avec. [Cyberattack at Dax hospital: very gradual recovery, no ransom paid]. leparisien.fr. [Internet]. 2021 Feb 12 [cited 2024 Feb 5]. French. Avai¬lable from: https://www.leparisien.fr/faits-divers/cyberat¬taque-a-lhopital-de-dax-reprise-tres-progressive-aucune-rancon-payee-11-02-2021-KICTQBN3D5GNNJS6GRFAVZMCKU.php
Versailles hospital victim of cyberattack. Les Echos [Internet]. 2022 Dec 5 [cited 2024 Feb 5]. Available from: https://www.lesechos.fr/pme-regions/ile-de-france/lhopital-de-versailles-victime-dune-cyberattaque-1885808#:~ :text=L'%C3%A9tablissement%20hospitalier%20de%20%20Versailles%2C%20dans%20les%20Yvelines%2C%20est,le%20coup%20de%20cette%20cyberattaque
leparisien.fr [Internet]. [Victim of a computer attack, the Villefranche-sur-Saône hospital is forced to cancel operations]. Paris: Le Parisien; 2021 Feb 16 [cited 2024 Feb 6]. French. Available from: https://www.leparisien.fr/faits-divers/
portail-ie.fr [Internet]. [Portail De L'IE: A look back at major cyberattacks in France in 2022: what resolutions for 2023 April 17]. 2023 [cited 2024 Feb 5]. French. Available from: https://www.portail-ie.fr/univers/
[On the establishment of a Working Group on the development and implementation of the Concept of strategic directions for the development of cybersecurity in the field of electronic healthcare. Order 2022 Jun 15 No. 1034]. [Internet]. 2022 Jun 15 [cited 2024 May 11]. Ukrainian. Available from: https://zakon.rada.gov.ua/rada/show/v1034282-22#Text
[Ministry of Health of Ukraine. Plan for the restoration of the health care system of Ukraine from the consequences of the war for 2022-2032]. Dataset. Govern¬ment portal [Internet]. 2022 [cited 2024 May 11]. Ukrainian. Available from: https://moz.gov.ua/uploads/ckeditor/News/21-07-2022-Draft-Ukraine%20HC%20System%20Recovery%20Plan-2022-2032_UKR.pdf
Serafini G. Cips Legal. Firewall e Sistemi IAM. SGSI e conformità NIS2. [Internet]. Cips Legal; 2024 Oct 18 [cited 2024 Oct 5]. Available from: https://www.cipslegal.it/nis2/atti-documenti-nis2/firewall-e-sistemi-iam-sgsi-e-conformita-nis2/
Cybersecurity Exchange. IDS vs. [Internet]. IPS: Key Difference and Similarities Best for Cybersecurity; 2023 Dec 15 [cited 2024 Nov 22]. Available from: https://www.eccouncil.org/cybersecurity-exchange/network-security/ids-and-ips-differences/
Compliancy Group. VPN in Healthcare. Health-care Data Protection [Internet]. Compliancy Group; 2023 [cited 2024 Nov 22]. Available from: https://compliancy-group.com/using-vpn-for-healthcare-data-protection/
Efficient medical information retrieval in encrypted Electronic Health Records [Internet]. PubMed. 2012 [cited 2024 Nov 22]. Available from: https://pubmed.ncbi.nlm.nih.gov/22874185/
[On information protection in information and communication systems. The law of Ukraine 1994 No. 80/94-VR]. [Internet]. 1994 [cited 2024 Feb 6]. Ukrainian. Available from: https://zakon.rada.gov.ua/laws/show/80/94-вр#Text
[On the Basic Principles of Cybersecurity in Uk-raine. The law of Ukraine 2017 No. 2163-VIII]. [Internet]. 2017 [cited 2024 May 30]. Ukrainian. Available from: https://zakon.rada.gov.ua/laws/show/2163-19?lang=en#Text
[On the protection of personal data. The law of Uk¬raine 2010 No. 2297-VI]. [Internet]. 2010 [cited 2024 Feb 6]. Ukrainian. Available from: https://zakon.rada.gov.ua/laws/show/2297-17#Text
[About state secrets. The law of Ukraine 2024 No. 3855-XII]. [Internet]. 2024 [cited 2024 Feb 6]. Ukrai-nian. Available from: https://zakon.rada.gov.ua/laws/show/3855-12#Text
[On information 2657-XII. Official web portal of the Parliament of Ukraine. Verkhovna Rada of Ukraine]. [Internet]. 1992 [cited 2024 Feb 6]. Ukrainian. Available from: https://zakon.rada.gov.ua/laws/show/2657-12#Text
Prioritising eHealth cybersecurity against emer-ging challenges. ENISA [Internet]. 2024 [cited 2024 Nov 10]. Available from: https://www.enisa.europa.eu/news/prioritising-ehealth-cybersecurity-against-emerging-challenges
Country development cooperation strategy 2019-2024: USAID country development cooperation strategy for Ukraine (2019-2024). Agency for International Deve-lopment. USAID [Internet]. 2024 [cited 2024 Feb 6]. Available from: https://www.usaid.gov/sites/default/files/2022-05/Uk-raine_USAID_CDCS_2019-2024_Public_EN_12.pdf
[USAID project “Health care reform support”]. Brovary City Council [Internet]. 2023 Dec 27 [cited 2024 Feb 6]. Ukrainian. Available from: https://brovary-rada.gov.ua/news/proiekt-usaid-pidtrymka-reformy-okhorony-zdorovia
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Medicni perspektivi
This work is licensed under a Creative Commons Attribution 4.0 International License.
Submitting manuscript to the journal "Medicni perspektivi" the author(s) agree with transferring copyright from the author(s) to publisher (including photos, figures, tables, etc.) editor, reproducing materials of the manuscript in the journal, Internet, translation into other languages, export and import of the issue with the author’s article, spreading without limitation of their period of validity both on the territory of Ukraine and other countries. This and other mutual duties of the author and all co-authors separately and editorial board are secured by written agreement by special form to use the article, the sample of which is presented on the site.
Author signs a written agreement and sends it to Editorial Board simultaneously with submission of the manuscript.
