Healthcare sector


Cyber threats are a significant challenge for health and social care organisations. The wealth of data available on health networks and the potential impact of data unavailability makes the industry very attractive to cyber criminals. Furthermore, as patient information is often available to a wide scope of personnel, the risk of an accidental breach is also increased. To minimise these risks, healthcare providers need to maintain a robust information security posture and have tried-and-tested plans in place should a breach occur.

Information security is not limited to healthcare providers. All health and social care organisations need to maintain the integrity of their health data, regardless of where it is held or processed. Implementing and demonstrating best practice through internationally recognised certification schemes, as well as prioritising compliance with the EU General Data Protection Regulation (GDPR), serves to maintain your network and information security. It also gives healthcare providers the necessary confidence to award contracts.

With the introduction of the GDPR and the associated fines for non-compliance, cyber and data security have never been higher on board agendas. Planning now for upcoming risks puts your organisation in the best possible position to prevent incidents, or at least reduce their impact should they occur.

GDPR in healthcare


The GDPR comes into effect from 25 May 2018. As a result, health and social care organisations will have to follow stricter guidelines on the collection, processing and storage of individuals’ data.

IT Governance offers a checklist for organisations at any stage of their GDPR compliance journey. This checklist highlights the practical steps organisation need to take when planning their journey both before and after 25 May.

View the practical steps to GDPR compliance >>

Cyber security and resilience


As cyber threats evolve, the development rate of security solutions cannot always match the pace. Instead of solely focusing on preventing attackers from accessing your network, it is better to assume a breach will occur and plan a strategy that reduces the impact of one. Cyber resilience brings together cyber security and business continuity to try to prevent breaches and ensures your organisation will survive following an incident.

Its comprehensive approach to information security and business continuity means that a best-practice information security management system (ISMS) and business continuity management system (BCMS) can help. Their respective international standards, ISO 27001 and ISO 22301, are recommended as guidance for complying with cyber and data security requirements and legislation.

More information on cyber resilience is available on the information page >>

Penetration testing


Healthcare organisations may have technology and procedures in place to prevent data theft, but it is still difficult to find every single security weakness.

To help protect your network and electronic patient health information (PHI), you need to examine your environment the way a potential attacker would. Penetration testing is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find the sorts of weaknesses that criminals would exploit.

More information on penetration testing >>

The Directive on Security of Network and Information Systems (NIS Directive)


The NIS Directive was adopted by the European Parliament on 6 July 2016, and entered into force in August 2016. EU member states have until 9 May 2018 to transpose it into national laws, and a further six months to identify the operators of essential services (OES) to which it applies.

The Directive aims to achieve a high common level of network and information systems security across the EU in three ways. As such, it will introduce security measures and incident reporting obligations for OES in critical national infrastructure (CNI), including healthcare providers, and digital service providers (DSPs).

Download the NIS Directive compliance guide >>

Training solutions for healthcare


The past year has seen significant changes to the digital landscape, and both healthcare providers and industry partners need to stay abreast of the challenges these present. IT Governance’s training courses can help to develop your in-house capabilities to meet these challenges and plan against current and anticipated threats.

Our trainers are experienced in the challenges and compliance obligations facing a wide range of organisations, and are able to bring healthcare-specific knowledge as well as best-practice insight.

Courses are delivered across multiple EU locations and are available in various languages, including German, French, Spanish and Italian. As we expand our European training locations, courses are offered in Live Online and distance learning formats.

View our full range of courses and book now >>

Product hub


Our one-stop shop provides solutions for the most common challenges facing healthcare organisations that are looking to:

  • Achieve and maintain a secure information infrastructure; and
  • Demonstrate regulatory compliance and certification.

Contact us today


Call: +44 (0)333 800 7000


SAVE 25%