2025

Tikanmäki, Ilkka; Blek, Tiina; Niskakangas, Johanna; Varamäki, Katja

In today's digital age, healthcare organisations are increasingly vulnerable to cyberattacks, making cybersecurity a crucial component of healthcare management. Protecting sensitive patient, medical, and personal data against hackers, cybercriminals, and other malicious entities cannot be understated. The CIA triad—confidentiality, integrity, and availability—is fundamental to cybersecurity in healthcare, safeguarding data privacy, accuracy, and access. The Cybersecurity in Everyday Work in the Social and Healthcare Sector (KyberSoTe) project is designed to identify prevalent cyber threats social and healthcare professionals encounter by utilising high-quality research, surveys, and firsthand data. Organisations in the social and healthcare sectors must implement practices to strengthen the cyber-safe behaviour of their personnel. The importance of cybersecurity lies in the presence of educated staff and a robust information security culture, as cybersecurity often relies on human vulnerability. Despite the increasing frequency of cyberattacks, awareness of cybersecurity threats and the impact of individual actions on organisational security remains low among social and healthcare professionals. The social and health sector faces a growing threat from cyberattacks, necessitating preparedness for present and future risks. Hospitals have adopted various strategies, such as enhanced staff training, endpoint management, stakeholder coordination, and anti-virus solutions, to bolster their cyber resilience. National and international organisations recommend measures, including software and application security, infrastructure protection, cloud and IoT security, and robust security management systems. Key components of cyber resilience include access control, information security, network security, and user security. Healthcare facilities can prevent cyberattacks through staff training, routine system updates, and advanced security tools. Prioritising cybersecurity and establishing detailed strategies and contingency plans are crucial for preventing intrusions. Insufficient security standards and a lack of comprehensive security strategies are reasons why hospitals are particularly vulnerable. Preventing data breaches that threaten patient data requires urgent attention to cybersecurity and cyber-hygiene practices. Healthcare institutions must develop clear policies and contingency plans to manage potential cyberattacks and their consequences. Emphasising the importance of cybersecurity, healthcare organisations must take proactive measures to safeguard sensitive patient data and prevent losses from system failures, reputational damage, and other cyberattack-related issues.