News

Security breaches in the healthcare sector can have critical consequences. A ransomware attack, for instance, can lock medical records, disrupt surgeries, and compromise medical equipment, putting patients' lives at risk. Therefore, cybersecurity must be a priority in digital health and requires specific strategies to prevent attacks and protect data.

This was the central theme of the first meeting of the Latin American and Caribbean Telemedicine University Network (RUTE-ALC), held on March 12 with the session "Cybersecurity in Healthcare: Protecting Data and Critical Systems." The discussion was moderated by Yuri Ferreira, Data Protection Officer of the Brazilian advanced network RNP, along with Ivan Tasso Benevides, RNP's Security Operations Manager, and Adriana Abad from Ecuador's Ministry of Public Health.

Ferreira highlighted that "health data, even when public, requires strict security measures and privacy protection because it is considered sensitive information under laws such as the GDPR in Europe, the LGPD in Brazil, and the Organic Data Protection Law in Ecuador. Misuse can affect individuals personally, socially, morally, and economically. Therefore, cybersecurity and data protection are essential in digital health, from public policy definition to the management of academic and corporate networks." He also emphasized that having a secure data infrastructure allows for improved medical care, the design of public policies, and advancements in scientific research.

Tasso explained that healthcare security is different from other sectors, such as finance. "Medical equipment does not always allow the installation of traditional protection measures, and its communication methods differ from those of a common computer. Therefore, we need a special approach to protect information without compromising the functionality of these devices.

He also pointed out that in some countries, such as the United States, there are strict penalties for non-compliance and warned about the risks of internal information leaks. "In addition to external threats, internal leaks can occur within an institution. Therefore, monitoring potential attacks and understanding vulnerabilities is key. In hospitals, implementing measures such as two-step authentication can be challenging, as it may generate resistance if not well adapted to healthcare personnel's needs," he added.

The panelists agreed that there are digital security challenges that require creative solutions to balance protection and functionality. In healthcare, traditional measures may not be viable due to working conditions. For instance, wearing gloves or masks can make certain authentication methods difficult. Understanding the context and adapting means developing innovative strategies that ensure security without affecting operations.

Abad discussed the implementation of security measures at various levels in Ecuador. She explained that "at the technical level, cryptography is used in documentation, key management, and mutual authentication through digital certificates. At the organizational level, having defined processes, regular audits, and strict controls for cloud service providers is essential."

She also emphasized the importance of a solid regulatory framework for health data protection. Cybersecurity must be integrated from the system design stage, and training users to identify potential threats is key. "It is essential to have a role-based authentication system that manages user access and revokes it for those who are no longer part of a healthcare institution, minimizing the risk of unauthorized access," she concluded.

RUTE-ALC wants to improve collaboration in telemedicine and digital health in the region. It is backed by RedCLARA and academic networks like CEDIA (Ecuador), CUDI (Mexico), REUNA (Chile), RENATA (Colombia), and RedCONARE (Costa Rica). This webinar is the first in a series of meetings that will be held throughout the year, addressing key issues for the advancement of telemedicine.

Watch the full meeting: https://www.youtube.com/watch?v=zchQM_izhkA&t=393s

Check the session calendar here: