Security shortcomings in healthcare: a preliminary investigation of Data Protection Authorities' decisions

As digital technologies are being more and more deployed to support the healthcare sector, the latter becomes increasingly vulnerable to cybersecurity and privacy risks. The past decades, significant effort has been put into advancing standardization and regulatory frameworks, aiming at protecting healthcare infrastructure and digital applications intended for use in healthcare, along with ongoing research on this field. Motivated by the ongoing research that uses digital applications in the healthcare, which is also conducted in two relevant HORIZON research projects (RETENTION and PHOENI2X), this work aims at providing insights on regulatory compliance challenges faced in this context and exploring respective shortcomings or solutions in practice. To this end, we reviewed decisions of the supervisory authorities within the USA and EU regarding data breaches in the healthcare sector, issued from 1/1/2020 to 31/12/2022, illustrating the most common areas of vulnerabilities and discussing the challenges and the lessons learned.