Hospital Security: Architecture Recommendations

The ENISA report from July 2023 on the cybersecurity situation in the European healthcare system highlights that hospitals are the most vulnerable medical units. As an integrator in the digitalization of multiple hospitals in Romania, Datanet Systems has always placed great emphasis on cyber risks and has integrated the most advanced security solutions into projects.

From Datanet Systems’ perspective, a modern telemedicine system is only truly valuable within a secure data network that guarantees confidentiality and integrity.


Are hospitals a preferred target?


The European Union Agency for Cybersecurity’s (ENISA) conclusion is that hospitals are the most affected institutions in the healthcare sector, accounting for 42% of attacks. The report analyzed 215 major incidents in the healthcare sector, including those in Romania. Also, it reveals that data theft is the primary goal for hackers, whether the attacks are ransomware (54% prevalence) or phishing. Furthermore, in the past two years, the average cost of a major security incident in healthcare has reached 300,000 euros.

Hospitals are targeted for several reasons, such as possessing highly valuable data (patient records), extensively using internet-connected medical equipment (64%), and being the least protected, lacking both qualified staff and necessary protective solutions. According to the ENISA report, healthcare organizations are exposed to risks due to a higher rate of misconfigurations in IT or medical equipment and a lack of adherence to cybersecurity best practices. ENISA’s research also indicates that a significant portion of medical equipment providers (40%) do not offer any cybersecurity protection programs for non-IT users.

Similarly, an analysis conducted as part of the European PANACEA program reveals that a medical professional connects to a computer or other information system over 80 times in a single day. To simplify these operations, medical staff often use the same password across all devices, share them within the department, or write them down on pieces of paper attached to monitors.


Types of Attacks and Threats


Based on the reported incidents’ analysis, it is obvious that hackers primarily target the disruption of medical institutions’ activities by demanding a ransom or stealing data. In either case, the operations of the affected hospitals have been severely impacted, either entirely or partially. Reported consequences include the closure of Emergency Departments, the suspension of surgical procedures, patient redirection to other hospitals, and operational disruptions.

For example, one of the most recent incidents reported in Romania, at the Sfântul Gheorghe Hospital from Botoșani, involved the encryption of the December database. As a result, the healthcare facility couldn’t report the services provided for reimbursements to the National Health Insurance House, facing also difficulties in paying salaries on time.

After ransomware, a significant percentage is represented by data theft attacks (46%), intrusions (13%), Distributed Denial of Service (DDoS) attacks (9%), malware (5%), and social engineering techniques (4%). Many of these attacks are correlated to achieve a common end goal.


Datanet Systems’ recommendation for hospital protection


Creating a minimal cybersecurity infrastructure for a hospital is crucial to protect sensitive patient information, as well as medical devices and systems. Datanet Systems recommends maintaining a balance between network and user protection and management. In digitalization projects undertaken in hospital organizations, Datanet recommends an approach that includes at least:

    • Firewall and Intrusion Detection/Prevention System (IDS/IPS) to monitor traffic, detect suspicious activities, and block potential threats. ( NGFW recommended solutions – Cisco FPR, Palo Alto, Fortinet)
    • Network segmentation to isolate sensitive patient data and medical devices from the rest of the IT infrastructure (recommended solution – Cisco SDA)
    • Access control and authentication, including the use of multi-factor authentication (MFA) and detailed access management to systems/solutions. (recommended solutions –  Microsoft AD, Cisco ISE, Cisco DUO)
    • Endpoint protection for all types of devices, including those used in BYOD scenarios and medical equipment. (recommended solutions: Cisco Secure Endpoint, Crowdstrike Falcon, Cisco Umbrella, Cisco Email Security)
    • Data encryption, both in transit and at rest, especially for patient record-related data. ( VPN recommended solution – Cisco Secure Client)
    • Backup and restoration to quickly counter any ransomware attack and maintain data access (recommended solution – Veeam Data Platform)
    • Cyber hygiene programs for medical staff to recognize phishing traps or other malicious messages.
    • Security Information and Event Management (SIEM) systems to centralize and correlate security events. (recommended solutionSplunk Enterprise Security)
    • Vulnerability management and regular system and application scanning to identify and remedy vulnerabilities.
    • Establishing strong security policies and procedures and ensuring the entire organization is aware of and adheres to them.
    • Creating an incident response plan with role assignments and responsibilities to minimize the impact of an attack.


Such an approach is essential, especially as the ENISA report shows that only 27% of monitored institutions have a functional ransomware protection program. Additionally, 46% have never conducted a risk analysis, and 95% struggle to identify these risks.

Conclusions: telemedicine requires security


Datanet Systems considers that in the coming years, additional pressure on the security of medical institutions will come from the implementation of Directive NIS2, which expands the scope and introduces new requirements for risk analysis and incident reporting.

Furthermore, the experience of recent years shows that cybersecurity is an ongoing process, and threats are constantly evolving. Hospitals should regularly assess their cybersecurity posture and adjust their infrastructure and policies accordingly. Collaborating with cybersecurity experts and staying informed about the latest threats and best practices is crucial for maintaining strong cybersecurity infrastructure in both public and private hospitals in Romania.

For more information about Datanet Systems’ solutions for hospital digitalization, please contact us at