infinilink @ Agenda România 4.0. | Cybersecurity in Medicine: Challenges, Regulations & Practical Solutions

Recently, at the Agenda România 4.0. event in Timișoara, cybersecurity experts, medical institution representatives, and authorities discussed the challenges and concrete solutions in medical cybersecurity. The panel brought together specialists from key institutions such as DNSC and STS, as well as private security companies.

Ioan Codrea (Managing Partner of infinilink.com) offered deeper insights into regulations, practical solutions, and funding methods for cybersecurity initiatives.

Current threats need rapid responses

The medical sector faces increasingly sophisticated threats. According to statistics, 11% of ransomware attacks in 2024 targeted the medical sector. Moreover, ENISA reports that 76% of attacks on the medical system are carried out through standard web protocols, and 39% come from inside.

A concrete example was the attack of February 12, 2024, which targeted multiple hospitals in Romania. “The restoration process involved downtimes ranging from several hours to two weeks, creating chaos in the absence of clear procedures for switching to classical operations,” detailed David Burcovschi (Hypen).

The speed of the institutional response was remarkable: by February 14, DNSC had already organized a well-attended workshop, providing guidelines and solutions for healthcare system security issues. “Through the PNRISC platform, any institution can report security incidents, and our teams promptly intervene, coordinating the response at a national level,” explained Mihai Constantinescu (DNSC).

Regulatory and compliance framework

Ioan Codrea (infinilink) presented a detailed analysis of NIS2 requirements, highlighting two types of compliance:

1. Procedural compliance: internal IT procedures based on ISO 27001; reporting protocols; periodic and technical audits. “Romania is surprisingly well-positioned in terms of NIS2 documentation and implementation, even better than Germany,” emphasized Ioan Codrea.

2. Technical compliance, with several components including: network segmentation; two-factor authentication (2FA); scanning solutions; incident reporting and logging.

Staff-expertise challenges

One of the most pressing issues is the lack of cybersecurity specialists in medical institutions. Alexandru Costache (Medici Pentru România) highlighted two main causes:

  • Substantial salary difference between public and private sectors
  • Low level of professional development in small hospitals

Solutions proposed by panelists include:

1. Service outsourcing: Ioan Codrea mentioned the DigiVest initiative, the regional IT cluster that brings together city halls, county councils, and IT companies; offers Proof of Concept programs for security solutions; and facilitates public-private partnerships.

2. Security Operations Centers (SOC): “Hospitals can access professional monitoring and protection services without requiring extensive internal teams,” explained Marilena Ianculescu (ICI București).

Cybersecurity solutions funding

Several funding sources are available for medical institutions:

  • Funds through PNRR for digitalization and security
  • European programs for training and infrastructure
  • Public-private partnerships through regional clusters

“An incident can generate much higher costs than the initial investment in prevention,” emphasized David Burcovschi, who proposes preventive budget allocations.

Education and professional development

Experts highlighted the need for a multi-level approach in security education:

1. Government initiatives, such as DNSC:

  • Offers internship and mentoring programs
  • Has developed partnerships with universities for certified cybersecurity courses
  • Proposes a national platform for educational guidelines and resources

2. Private programs: For example, infinilink ran summer internship programs with 4 students in Bucharest and 2 students in Timișoara, focusing on practical experience in cybersecurity.

3. Academic collaborations: “We need to integrate cybersecurity concepts into the medical curriculum,” suggested one of the participating professors, proposing optional modules and practical workshops.

Immediate practical solutions

Ioan Codrea synthesized the essential steps for medical institutions:

1. Network segmentation: separation of critical data; isolation of administrative networks; visitor access management

2. Authentication and control: mandatory 2FA implementation; strict password policies; continuous monitoring

3. Periodic training: phishing exercises; emergency procedures; security updates

Future perspectives

“In the next 3-5 years, approximately half of medical acts will involve digital systems and AI,” estimated one participant, emphasizing the growing importance of cybersecurity in medicine.

In Timișoara, the CyberTM event, organized by infinilink, continues to develop the regional cybersecurity community, providing a forum for exchanging experience and best practices. For the 2025 edition of the event, we aim to expand educational content for companies/SMEs and give more importance to critical domains such as healthcare and finance-banking.

Special mentions

The cybersecurity panel at the Agenda România 4.0. event included experts from various fields of cybersecurity and the medical system:

The discussions were moderated by Alex Ion (GrowGrow.AT) and Alexandra Ferencz (Liga Studenților din Universitatea de Științele Vieții Timișoara).
