"As the local authority responsible for the three largest hospitals in Sibiu County, I feel under constant pressure due to cyber threats. We are making significant efforts to digitalise and introduce advanced technology, fully aware of the benefits it brings - more accurate diagnoses, faster interventions, and greater transparency. Yet, as cyberattacks become increasingly sophisticated, we are exposed to risks that threaten not only the security of patients’ data but also patients’ lives. A cyberattack that disrupts the functioning of advanced medical equipment — for example, a surgical robot — during an operation could put a patient’s life directly in danger. The problem is compounded by the fact that we lack sufficient trained staff to respond to these challenges. Our hospitals need cybersecurity specialists to ensure that the technology we invest in can be used to its full potential, without exposing patients to unnecessary danger." These concerns were raised by Daniela Cîmpean, President of Sibiu County Council during a debate on preparedness, cybersecurity, and security of supply held in Helsingør, Denmark.
Bridging New and Old Technologies
Cîmpean also spoke on the challenge in handling different technologies "When introducing state-of-the-art technology into hospitals, the challenge lies in making it work seamlessly with existing systems. It is impossible to replace an entire IT infrastructure at once — the financial resources simply do not exist. Every connection between old and new systems creates a potential security gap. No matter how advanced the technology we purchase is, its security is compromised the moment it interacts with outdated systems."
She said that to address this, Sibiu introduced smart procurement practices. "We carefully draft tender specifications to ensure that suppliers of new technology also provide solutions for migrating information to systems that remain in use. We require separate circuits for medical equipment and IT infrastructure, in order to reduce, as much as possible, the risk of cyberattacks."
The Need for European and Regional Support
As rapporteur of the European Committee of the Regions’ opinion on Cybersecurity of hospitals and healthcare providers, adopted earlier this year, Cîmpean stressed the importance of genuine EU support. "Local and regional authorities must have access to funding sources, training programmes for specialists, and the means to carry out thorough audits of existing hospital systems."
She also called for the creation of regional support centres — which she described as facilities that would function like the 112 emergency number. "In the event of a security breach or IT incident, hospital IT staff should be able to call at any time of day and receive immediate expert guidance. The faster we intervene, the more we can limit the damage and protect patients’ safety."