In the era of accelerated digitization, cybersecurity within healthcare facilities has become an essential strategic priority, not only for data protection but also to ensure the continuity of healthcare services.
ASL Roma 1, a public health provider in Rome, has distinguished itself in the global healthcare landscape over the past two years by implementing advanced cybersecurity strategies, moving toward a hyper convergent security model, the so-called HyperSOC, in response to the growing cyber attacks in the global healthcare sector.
A HyperSOC represents an advanced and highly integrated version of a security operations center (SOC), which is the service or function within an organization that monitors, evaluates and defends IT systems against cyberattacks, security breaches and other cyber threats.
The HyperSOC represents the future of cybersecurity management and operation, with the goal of preventing large-scale attacks and minimizing damage when they occur. This type of operations center is crucial for organizations facing an increasing number of sophisticated threats in an increasingly complex digital environment such as the scope of ASL Roma 1 which is one of the largest healthcare companies in Europe.
In recent years, the healthcare sector has become one of the main targets for cyberattacks, with incidents ranging from the theft of sensitive data to the paralysis of entire hospital systems from ransomware. According to recent reports, ransomware attacks against healthcare institutions have shown a significant increase, intensifying pressure on hospitals. In this context, the ability to prevent, detect, and quickly respond to cyberattacks has become crucial.
The increase in cyberattacks in the healthcare sector has therefore made cybersecurity an indispensable priority, especially in Europe and Italy, where healthcare institutions face unique challenges due to the complexity and sensitivity of the data managed.
In 2020, global health data breaches cost victimized organizations approximately $21 billion, with an average cost per incident of about $923 million, according to Expert Insights. The high value of personally identifiable information (PII) in the healthcare sector significantly contributes to these costs.
Europe has seen a significant increase in cyberattacks against healthcare facilities. In particular, Germany reported a doubling of health-related cyberattacks in 2020, and France reported 27 significant breaches in the same period.
Ransomware continues to represent the most significant threat, as demonstrated by high-profile attacks such as the WannaCry incident in the United Kingdom. Just last year, hundreds of ransomware attacks were recorded across Europe, highlighting the urgent need for robust cybersecurity measures.
In Europe, the average cost of a healthcare data breach, according to HIPAA Journal, has reached record levels, with Italy reporting significant costs associated with managing the consequences of such breaches. Financial losses stem not only from the direct costs of data recovery but also from the impact on the reputation of the institutions affected.
Italy, in particular, saw a 30% increase in cyberattack attempts against healthcare facilities compared to the previous year, with more than 200 healthcare institutions affected in just the last year. The average cost of a data breach in Italy is estimated to be around €5 million, underscoring the financial severity of these incidents for the national healthcare sector.
The European response to cyberattacks in the healthcare sector includes a strong commitment to training staff and adopting advanced security technologies. Italy, in particular, has implemented stringent cybersecurity regulations and strengthened collaborations between the public and private sectors to improve response capabilities to cyber attacks. In January, the Council of Ministers approved a bill that included provisions regarding computer crimes and strengthening national cybersecurity, and stated “There is an obligation to report and notify incidents.”
In Italy, national policies aim to strengthen the security of health information through the mandatory adoption of high data protection standards such as the NIS2 Cybersecurity Directive and the promotion of joint research and development initiatives in the field of cybersecurity.
ASL Roma 1 has responded to these challenges by integrating and enhancing its IT security system. Through the adoption of technologies such as intrusion detection and intrusion protection systems, centralized log management with platforms like Elastic Stack, and protection of endpoints and medical devices, ASL Roma 1 has significantly strengthened its infrastructure. The introduction of HyperSOC is a further step in this direction, marking the transition from a reactive to a proactive and predictive model in the management of cyber threats. This is a paradigm shift for us in moving from passive alerting on attacks to proactive protection—machine learning systems have been important here. Models such as the MITRE ATT&CK framework have also helped us map threats that previously passed unnoticed.
Since our HyperSOC became fully operational, despite the considerable increase in attacks, we have recorded a significant decrease in security incidents, establishing new security standards in the healthcare sector. At ASL Roma 1, for example, we detected more than one million incidents in 2023; this percentage of attacks we detected has tripled but the number of incidents decreased by 90%.
The attack surface of the infrastructure is now continuously monitored with tools that offer unprecedented visibility and control, making ASL a model reference in the security of health information.
Looking to the future, ASL Roma 1 intends to further expand its HyperSOC by integrating advanced artificial intelligence solutions that can predict and neutralize attacks before they have the opportunity to cause damage.
The goal is to develop an even more resilient system capable of dynamically adapting and reacting to the changing tactics of attackers. Crucial will be the integration with the new Polo Strategico Nazionale, which was set up to provide Italy's public administration with a highly reliable cloud infrastructure that hosts data as well as critical and strategic services.
We will also continue to invest in advanced training for our staff (because we are firmly convinced that technology alone cannot guarantee all the necessary security). The human element remains crucial because daily practices and timely response to alarms are equally vital for the overall security of the system.
Adherence to the new NIS2 directive, which mandates regular system updates and vulnerability assessments to quickly adapt to new threats, will allow for the expansion of procedural security audits combined with simulation exercises of attack scenarios, ensuring that our network is always prepared for the inevitable intrusion attempts that grow exponentially every year.
Recognizing the importance of effective collaboration in the fight against cybercrime, ASL Roma 1 also intends to extend its network of collaboration with other healthcare institutions, government entities, and technology partners. We are convinced that these alliances will allow for an exchange of knowledge and resources that further strengthen security not only at a local level but also on a larger scale.
The transformation undertaken by ASL Roma 1 over the last two years is a clear indicator of how cybersecurity in the healthcare sector is evolving from a reactive to a proactive and preventive approach. With HyperSOC, ASL Roma 1 not only intends to safeguard its digital and physical assets but also to establish a model for other healthcare institutions in the region, emphasizing the importance of integrated and anticipatory cybersecurity.
This commitment will not only continue to protect the sensitive data of patients but will also ensure the operational continuity of our healthcare services, which is fundamental in an era of increasingly sophisticated cyber threats.
The goal of ASL Roma 1 is not only to be the custodians of the physical health of our patients but also to be at the forefront in defending their information, positioning ourselves as an active proposal in setting security standards for the global healthcare sector.
Stefano Scaramuzzino is the cybersecurity team leader and network and information systems manager, for ASL Roma 1, Italy's largest local health authority.
