The Government deploys the cybersecurity model in Catalan public health centers

People's health is not only in the hands of the best professionals and infrastructure. Today, its functioning also relies on an essential digital architecture. Medical records, diagnostic tests, electronic prescriptions, communication between healthcare teams, and resource management are all handled through complex, interconnected computer networks. In this scenario, cybersecurity has ceased to be a technical issue and has become an essential condition for the healthcare system to function normally, safely, and reliably.

For all these reasons, the Government has opted to strengthen digital defenses and expand the Cybersecurity model in the comprehensive public healthcare system (SISCAT), also deploying it to social and healthcare and mental health entities. The objective is to improve the resilience of healthcare entities and guarantee the continuity of care services, even in a context of increasing digital threats.

The expansion of the model is financed with European RETECH funds, within the Recovery, Transformation and Resilience Plan, with the support of INCIBE. The project has an estimated duration of approximately one year, and the Department of Health has already planned to finance its continuation with its own resources until 2027.

Cyberattacks in the healthcare sector

The threat is real and growing, as the data shows. According to the 2024 report from the Cybersecurity Agency of Catalonia, 6.9 billion cyberattacks were detected that year, 1.25 billion of which targeted the healthcare sector.

The Catalan figures are part of a worrying global trend: Cyber ​​Security Report Check Point reports that cyberattacks against the healthcare sector increased by 47% in 2024 compared to the previous year, with an average of 2,210 attacks per week worldwide.

Protecting an essential service

The Cybersecurity Model is deployed in five phases. The first is the diagnostic phase, which identifies the degree of exposure of each entity, detects vulnerabilities—often linked to outdated systems—and analyzes potential attack vectors. The second phase is the security plan, which defines concrete actions to reduce risks, including updates, technical protections, and staff training. The third phase establishes operational integration with the Cybersecurity Agency, connecting each entity to the Cybersecurity Operations Center, which operates 24/7. The fourth phase incorporates recurring services such as penetration testing, incident simulations, constant reassessments, and ongoing training. Finally, the process culminates in certification under the National Security Framework, which accredits each entity's level of maturity and robustness in cybersecurity.

Once the cybersecurity model was deployed and the entities integrated, the results obtained in 2024 demonstrated its effectiveness. During that year, the model provided greater visibility of the entities, detected even more attacks, and prevented any of them from having a significant impact on healthcare services.

Homogeneous system for the entire SISCAT

Until now, the model had been deployed in all SISCAT hospitals. The next step is to progressively expand it to social and healthcare services, mental health, and primary care during 2025 and 2026. The goal is to build a homogeneous cybersecurity system capable of continuous evolution thanks to ongoing monitoring, training, and constant vulnerability reviews.

Healthcare data is extremely valuable and very attractive to cybercriminals, especially criminal groups specializing in ransomware or ransomware. They not only seek to block systems, but also to obtain financial gain from confidential information. In response, the Cybersecurity Model acts as a dynamic structure for monitoring and protection, but also as a shared organizational culture. Healthcare entities, together with the Agency, learn to detect anomalies, react to signs of intrusion, and recover quickly should an incident occur. Thus, cybersecurity becomes a key component of quality care, an invisible layer that guarantees the security and continuity of service.