Procurement Guidelines for Cybersecurity in hospitals: New online tool for a customised experience


The new tool helps healthcare organisations identify best practices in order to meet cybersecurity needs when procuring products or services.


To facilitate the use of the Procurement Guidelines for Cybersecurity in Hospital published in 2020, The European Union Agency for Cybersecurity (ENISA) released an online tool on 7 April 2021 to support the healthcare sector in identifying procurement good practices to meet cybersecurity objectives when procuring products or services.


As cybersecurity becomes more of a priority for hospitals, it is essential that it is integrated holistically in the different processes, components and stages influencing the healthcare ICT ecosystem. Procurement is a key process shaping the ICT environment of modern hospitals and, as such, should be at the forefront when it comes to meeting cybersecurity objectives. This report offers cybersecurity guidelines for Hospitals when procuring services, products and infrastructure. All good practices are linked to types of procurement for which they are relevant and to threats which they can mitigate, providing an easy to filter set of practices for hospitals who want to focus on particular aspects.


In addition, the Agency also publishes a concise version of the procurement guidelines dedicated to the sector in each of the 24 EU official languages.


Cybersecurity is one of the main topics of Digital Age. From the beginning of the transition process to Digital Age, European Nations had realised that they need to take measures on protecting the privacy of their citizens. Also, with the beginning of the COVID-19 Pandemic, the world has entered into a new era. Combining these two topics are crucial for the future of Europe. We would like to remind that one of our Working Groups is Digital Age, where we gather experts and carry out projects and researches on current digital agenda of the EU - one of them being cybersecurity and issues revolving around it.


Cybersecurity in Healthcare: why does it matter?


The COVID-19 pandemic demonstrated the value of eHealth services such as telemedicine and remote patient care.


Since it has become increasingly digital and interconnected, the healthcare sector needs to consider cybersecurity as an enabler and as a key factor for ensuring the resilience and availability of key healthcare services.


Cybersecurity needs to be envisaged throughout the procurement lifecycle. IT departments should be involved in procurement activities as the cybersecurity implications in the procurement of any product or service should be well understood and consistently addressed by healthcare organisations.


Source: European Union Agency for Cybersecurity