In the national cyber security exercise KYHA22TH, which ended on Tuesday 15.11.2022, Finnish healthcare operators practiced cooperation in various serious and large-scale cyber incident situations.
The five-day national cyber exercise was led by Rauli Paananen, Director of Cyber Security at the Ministry of Transport and Communications, together with Tero Kokkonen, Director of the Institute Information Technology of Jamk University of Applied Sciences. The cyber exercise was planned and implemented by JYVSECTEC (Jyväskylä Security Technology).
The starting point for the exercise was the current global security situation, recognising that healthcare is an industry that has been subjected to a great deal of cyber influence even before the war in Ukraine.
"The global digital leap during the corona pandemic has shown that modern technology enables society to function on digital operating environments. On the other hand, the recent change in the security situation measures the maturity of our society to manage the digital operating environment in a situation where a motivated party with sufficient resources seeks to influence the infrastructure," Tero Kokkonen describes the starting points of the exercise.
The exercise was attended by the Ministry of Social Affairs and Health, the Finnish Institute for Health and Welfare, the Finnish Medicines Agency Fimea and the National Supervisory Authority for Welfare and Health (VALVIRA). In addition, the Hospital District of Helsinki and Uusimaa (HUS) participated in the exercise and, as a service provider company, ISTEKKI OY together with selected customer hospital districts, as well as the National Cyber Security Centre, the Police and the Government ICT Centre Valtori as essential actors for the trainee entity.
The participating organisations faced threats in the award-winning RGCE (Realistic Global Cyber Environment) training environment developed at Jamk University of Applied Sciences.
"The systems and services of each participating organisation were modelled into the environment so that the participants of the exercise would face cyber influencing in an authentic environment. The organisations participating in the exercise coped well with unexpected cyber incident situations, and after the exercise, the readiness to act is even better than before," says Jarno Lötjönen, Chief Specialist at Jamk University of Applied Sciences.
The National Cyber Security Exercise (KYHA), which has been carried out since 2013, has established itself as a leading platform for national cybersecurity, fault tolerance and collaborative training. Several exercises are organised per year and involve parties significant to the critical functions of society. In the future, cyber exercises for healthcare operators will be organised annually together with the Ministry of Transport and Communications. The Security Committee will also participate in the upcoming exercises with its steering role at the national level.