European Commission
English

Kohesio: discover EU projects in your region

project info
Start date: 1 November 2023
End date: 31 December 2025
funding
Fund: Just Transition Fund (JTF)
Total budget: 540 194,00 €
EU contribution: 378 136,00 € (70%)
Read further about the fund
programme
Programming period: 2021-2027
Programme: Innovation and skills – FI – ERDF/ESF+/JTF
intervention field
Digitising SMEs (including e-Commerce, e-Business and networked business processes, digital innovation hubs, living labs, web entrepreneurs and ICT start-ups, B2B)
beneficiary
Kaakkois-Suomen Ammattikorkeakoulu Oy
European Commission Topic
European Commission Topic

CyberCare Kymi

The transition plan for the Kymenlaakso Just Transition Fund program has identified the need for developing the region's economy, specifically in raising the level of expertise within the local economy. There's a general need to improve the resilience of businesses, requiring enhancement of continuity capabilities and support for networks that bolster the business environment. Additionally, the region's one-sided economic structure demands rejuvenation of businesses and the adoption of new technologies, necessitating investment in business-oriented Research, Development, and Innovation (RDI) collaborations. Social and healthcare organizations employ 20% of the workforce in Kymenlaakso. Nearly everyone in the region uses social and healthcare services. Of Kymenlaakso's approximately 10,000 companies, over 1,000 operate in the social and healthcare business. This creates a large attack surface for the critical infrastructure and its economy. However, the cybersecurity in the social and healthcare sector is often deficient, especially in smaller organizations. Considering the sensitive personal data and the critical nature of the social and healthcare operations, cyber incidents have more severe consequences compared to other industries. Thus, strengthening the cyber resilience is of utmost importance. In the European Union's Cybersecurity Agency Enisa's press release on 5th July 2023, it was reported in the first Health Threat Landscape – ENISA report 2023 findings, that 53% of the attacks on the healthcare sector are targeted at organizations performing patient care. Only 14% of the attacks target healthcare authorities and 9% target the pharmaceutical industry. Enisa's director Juhan Lepassaar characterized the findings with the words, "What I consider a wakeup call". Only a few weeks after these words were spoken, a single ransomware attack affected 16 hospitals and 165 care facilities in five different U.S.states. Full recovery of all functions is expected no earlier than mid-December. Cybersecurity within the social and health care sectors, especially in smaller organizations, is deficient. Due to the sensitive nature of personal data and the often critically important operation for health, cyber incidents in the social and healthcare sector have more serious consequences than in other sectors. Therefore, strengthening cyber resilience is particularly important in these organizations. The biggest risk, according to ENISA's report, is to fall victim to ransomware (54% of cyber incidents in the social and healthcare sector). The aim of the criminals in 46% of the reported cases is to gain control of patient data and not just to prevent their use. This enables double extortion and profits: money is extorted from organizations and the patients themselves. This project supports the development of products, services and production methods of Kymenlaakso’s social and healthcare business SMEs, as well as the adoption of new cyber and information security technology. Digitalization within the social and healthcare sector is inevitable, and those operating in this field will have to transform and update their practices towards digital solutions. However, the current situation does not support this leap. A safe transition requires the opportunity to identify potential security gaps in one's own operations, through scenario exercises and strengthening of competence. SMEs have little to no opportunities to practice cyber crises in real life, even though regular practice is mandatory according to the requirements of the social and healthcare sector. Initiating practice requires guidance and a model for action. Practical training is necessary through various Cyber security scenarios, which also involve assessing readiness, guidelines, and accessibility of instructions. Companies should also be helped to prepare for short- and long-term disruptions so that operations can continue unimpeded without information systems and/or platform and network services. The lack of practice opportunities creates conditions for cyber crises in healthcare. Social and healthcare students receive little to no cyber and information security training. Further, the healthcare and cyber security sectors lack cross-cutting entrepreneurship-promoting collaboration platforms and networks, both nationally, regionally, and internationally. Since cybercrime is a global phenomenon, international cooperation plays a significant role in its prevention. This project is aimed at SMEs in the social and healthcare sector in the Kymenlaakso region. It is also directed towards other stakeholders involved in social and healthcare, cybersecurity and information security, including, educators, organizations, students, authorities, and entrepreneurship experts. Objectives The project aims to develop the operational environment within the social and healthcare sector and promote Research, Development, and Innovation (RD&I) activities that stem from the needs of t

Flag of Finland  Kymenlaakso, Finland