On Cyber Vulnerabilities Management in Critical Sectors: the Health Sector
DOI:
https://doi.org/10.53477/2284-9378-25-27
Keywords:
cybersecurity, cyber-attacks, vulnerabilities, the health sector, resilience, the human factor.
Abstract
The digitalisation of the Romanian health sector has accelerated significantly, especially in the aftermath of the COVID-19 pandemic, but this transition has amplified cybersecurity risks, exposing critical infrastructures and patient data to persistent threats. This study analyses the technical and non-technical vulnerabilities of the medical sector, based on both documentary research and a survey conducted among representatives of health institutions. The results highlight important challenges, ranging from the use of outdated software and shortages of specialised cybersecurity staff to significant variations in the level of maturity of cyber protection between public and private organisations. Given the diversity of challenges identified, the resilience of the health sector requires an integrated cybersecurity strategy, underpinned by technological investments, continuous training and coherent risk management policies.
License
The published articles are subject to copyright law. All rights are reserved to the “Carol I” National Defense University, regardless of whether all or part of the material are considered, especially the rights to translation, reprinting, re-use of illustrations, quotations, broadcasting through the media, reproduction on microfilms or any other way and storage in data banks. Any replicas without the associated fees are authorized provided the source is acknowledged.
BULLETIN OF "CAROL I" NATIONAL DEFENCE UNIVERSITY