Personnel security and cybersecurity as essential elements of ensuring the economic security of a medical organization

UDC 338
Publication date: 20.05.2025
International Journal of Professional Science №5(1)-25

Bogacheva Elena Vasilevna
Matveev Kirill Evgenievich
Gladskikh Natalya Aleksandrovna
Kolomytseva Olga Yuryevna

1. Ph.D., Associate Professor, Department of Management in Health Care, Voronezh State Medical University named after N.N. Burdenko
2. 6th year student of the Faculty of Medicine, Voronezh State Medical University named after N.N. Burdenko
3. PhD, Associate Professor, Department of Economic Security and Financial Monitoring, Voronezh State University of Engineering Technologies
4. PhD in Economic Sciences, Associate Professor of the Department of Economic Security and Financial Monitoring, Voronezh State University of Engineering Technologies

Abstract: Today, the problem of cybersecurity is one of the key issues in a number of areas, including medicine. Electronic medical data (EMD) falling into the hands of intruders leads to serious consequences for both patients and employees. In this regard, there is a need for continuous training of employees to recognize the threat of possible cyber attacks and to know the methods of EMD protection, since the quality of production processes depends on employees.
Keywords: Cybersecurity, electronic medical data, medicine, data protection, malicious software, regulations


Thanks to digitalization, the provision of a particular medical service is simplified, waiting times in queues for patients are reduced, and at the same time doctors are able to spend less time filling out medical documents, receive complete data on patients arriving from other regions, etc. However, the flip side of the coin of computer technology is the emergence of the risk of cyber attacks. The special interest of cybercriminals in medical organizations (MO) is explained by the presence in their databases of important confidential information (CI): personal information of patients and medical workers, their bank card numbers, information about their positions, etc. Leaks and thefts of these materials entail a number of dangerous consequences, such as violation of personal integrity, financial losses for the MO and a threat to human health and life. Therefore, personnel security is one of the most important components of the organization's security. The purpose of this work is to analyze the main aspects of personnel security in medicine. The types of cyber threats faced by MOs and the methods of EMD protection are analyzed.

According to research by Positive Technologies (Russia), in 2023 the healthcare sector turned out to be the most attacked by cybercriminals [1], with 96% of attacks being targeted, and the year as a whole saw an increase in attacker activity against medicine. As a rule, the attackers were interested in personal data (PD) and medical information (40% and 26% of the total share of stolen data for the 4th quarter of 2023) [1]. A striking example is the 2023 attacks on Tennessee orthopedic clinics in the United States, which allowed unauthorized users to gain access to the clinic's systems and obtain valuable information: names, dates of birth, information about diagnoses and ongoing therapy, contact information, names of suppliers, data on prescriptions and health insurance, and the cost of services [2]. Immediately after the incident was discovered, the clinic staff implemented additional technical security measures. In Russia, in 2023, the Helix medical laboratory was subjected to a significant cyberattack that disabled its systems, and patients could not receive their test results for several days; the attackers tried to infect the systems with ransomware [3]. Another example of a cyberattack is Prospect Medical Holdings in the United States, which was attacked by the Rhysida group in August 2023 [4]. Because of this, the hospital was forced to shut down its IT networks to prevent the spread of the attack, return to paper documentation and suspend a number of services (for example, taking tests). Cybersecurity is a set of measures aimed at preventing, detecting and neutralizing attacks on information systems. The main goal of hackers is to obtain confidential user information and use it for their own purposes. Medical organizations are attractive targets for cyber attacks primarily because most of them do not update their software in a timely manner, and hacking such a system is very easy. That is why the organization of information security in the medical field is so important. The most common types of cyber attacks on healthcare institutions include phishing, the introduction of an encryption virus (ransomware), DDoS attacks, and threats from employees of the organization who have access to systems (internal attacks) [6]. In phishing, hackers disguise themselves as legitimate organizations, seeking to obtain confidential data about patients and employees [6]. An encryptor is extortion malware that blocks access to systems until a ransom is paid, which results in loss of access to critical medical data [6]. A DDoS attack is a denial of service caused by overloading network services, servers, or infrastructure [6]. For this purpose botnets are created: networks of computers infected with viruses. They flood the site with «stray» traffic, that is, they send millions of requests to the server at the same time. The resulting flow of data overloads communication channels and computing resources.

The system cannot handle the incoming data and stops responding to requests; in other words, it becomes unavailable to authorized users. Internal threats are attacks carried out by unscrupulous employees of an organization who have access to systems [7]. According to a report by Positive Technologies (Russia), malware was used in every second attack worldwide in 2023, with encryptors (ransomware, 51%) and spyware (27%) being the most popular tools. Most often, attackers spread malware through e-mail (66%), and sometimes through compromised computers, servers, and network equipment (26%) [1].

Legislation plays an important role in protecting medical data (MD). It establishes rules and regulations governing the processing and protection of MD. There are many international and national regulations in the field of cybersecurity. They aim to ensure the confidentiality, integrity, and availability of patient information. For example, the General Data Protection Regulation (GDPR) is a European standard that sets out clear requirements for the processing of personal data, including medical information. GDPR regulates the rules for the management of data collected by an MO.

The organization is required to provide timely information about requests for personal information and about security breaches, as well as to evaluate the reliability and protection of confidentiality. Another example is the Health Insurance Portability and Accountability Act (HIPAA), an American legal act that ensures the confidentiality of MD and other personal data of patients. HIPAA proclaims information security standards, requiring the MO to implement administrative, physical and technical means of protection. HIPAA ensures the secure exchange of information between organizations. This law is important for all people who deal with confidential medical information in the U.S. healthcare system. Information protection in Russian MOs is regulated by federal legislation, decrees of the President of the Russian Federation, governing documents of the Federal State Institution «State Technologies», the Ministry of Finance of Russia, the FSTEC and the FSB of Russia, as well as industry recommendations of the Ministry of Health of Russia. These documents ensure the protection of human rights when processing personal data, and also regulate relations in the field of ensuring the security of the critical information infrastructure of the Russian Federation. In this regard, the MO must adhere to the following data protection standards:

1) ISO/IEC 27001 is an international standard that sets requirements for information security management systems. It helps organizations protect data through a risk management process and the implementation of appropriate security measures;

2) HITRUST CSF is a set of rules that allows an MO to establish compliance with requirements consistently and in an orderly manner through the introduction of an integrated risk management system and, thereby, remain within regulatory requirements. This document combines standards such as HIPAA, ISO, and NIST, and provides a unified approach to data security management. The use of HITRUST CSF allows organizations to identify and eliminate security gaps in a timely manner, minimize risks and improve the protection of medical data;

3) The NIST Cybersecurity Framework is a set of guidelines for reducing cybersecurity risks published by the US National Institute of Standards and Technology. With the help of this document, organizations gain a systematic approach to identifying, assessing and managing cybersecurity risks, increasing their overall resilience to various types of cyber attacks and protecting information resources more reliably. In other words, this standard plays a significant role in strengthening the cybersecurity of MOs.

It is of great importance to train employees of organizations in ways to counter targeted attacks and preserve internal corporate confidentiality. Proper selection, application, and administration of information security tools ensures that valuable company information does not fall into the hands of cybercriminals. Let us consider the main such tools. Encryption encodes information in a form that can only be read by users who have the password or access to the decryption key. The use of advanced encryption methods, such as symmetric or public-key cryptographic algorithms, ensures that data is inaccessible to unauthorized parties [5].

Authentication involves verifying the user's identity, making it possible to confirm that the subject accessing specific protected information is actually who they claim to be. In this case, the user must provide the system with a set of unique information certifying their identity and access rights, that is, an authentication factor.

Data backup is a security method that involves making copies of data to prevent information loss in the event of cyber attacks or system failures. It allows information to be preserved and data to be restored immediately, reducing downtime and significantly reducing the risk of major data loss [5]. Access restriction means that the opportunity to obtain certain information is provided only to registered users, which is implemented by using passwords, identification cards or biometric systems [5].

Antivirus software helps to detect and block viruses that can damage MD. Since hackers use a wide variety of attacks, from phishing emails to complex viruses and ransomware, only the comprehensive use of all protection methods can ensure the proper level of security.
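As an added illustration (not code from the article or any of the cited projects), the following Python sketch combines the access restriction described above with an audit log whose repeated denials surface the internal-threat scenario mentioned earlier; the roles, field names, thresholds and the sample record are assumptions constructed for this example.

```python
"""
Field-level access control for an electronic medical data (EMD) record, with an
audit trail that flags accounts repeatedly reading outside their role (a simple
indicator of the internal-threat scenario). Standard library only; roles, field
names and the record below are constructed assumptions, not real data.
"""
from collections import Counter
from dataclasses import dataclass, field

# Field categories mirror the kinds of data named in the breach examples above.
PERMISSIONS = {
    "physician": {"name", "date_of_birth", "diagnosis", "therapy", "prescriptions"},
    "registrar": {"name", "date_of_birth", "contact"},
    "billing": {"name", "insurance", "service_cost"},
}

# Constructed sample record (placeholder values, not a real patient).
RECORD = {
    "name": "A. Ivanova", "date_of_birth": "1980-01-01", "contact": "+7-000-000-0000",
    "diagnosis": "J06.9", "therapy": "symptomatic", "prescriptions": ["paracetamol"],
    "insurance": "POLICY-PLACEHOLDER", "service_cost": 1500,
}


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)  # (user, role, field_name, allowed)

    def denied_counts(self) -> Counter:
        return Counter(user for user, _, _, ok in self.entries if not ok)

    def suspicious_users(self, threshold: int = 3) -> set:
        """Accounts with at least `threshold` denied reads: candidates for review."""
        return {user for user, n in self.denied_counts().items() if n >= threshold}


def read_field(user: str, role: str, field_name: str, log: AuditLog):
    """Return the field only if the role is registered for it; every attempt is audited."""
    allowed = field_name in PERMISSIONS.get(role, set()) and field_name in RECORD
    log.entries.append((user, role, field_name, allowed))
    return RECORD[field_name] if allowed else None


def demo() -> tuple:
    """Legitimate physician read, then a registrar probing clinical and billing fields."""
    log = AuditLog()
    value = read_field("dr_petrov", "physician", "diagnosis", log)
    for name in ("diagnosis", "prescriptions", "therapy", "insurance"):
        read_field("clerk_01", "registrar", name, log)  # out-of-role reads are denied
    return value, log.suspicious_users()
```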

However, ensuring information security is not limited to technological solutions; it must also include the development of clear procedures and policies. Namely, it is necessary to conduct systematic security audits, analyze security failures, and regularly test systems for exposure to new threats [5]. Creating reliable and understandable security policies is also one of the key elements of data protection. The policy should set out instructions on password usage, access control, incident response, and data recovery. Implementing these rules creates a structured environment in which each employee understands their responsibilities in the field of cybersecurity. It is also necessary to monitor the recruitment of personnel and conduct a retrospective check of professional suitability [5].

It is advisable to check a potential employee's resume and their knowledge of the organization's rules and requirements when they apply for employment.

Staff training is an integral part of a cybersecurity strategy. Systematic education and training on information security increases employees' awareness of potential threats and of best practices for preventing them, which creates a culture of security in which each employee makes their own contribution to data protection.

The cyber threat in the medical field is one of the most pressing problems at the moment. In this regard, the urgency of ensuring security increases, since it makes it possible to protect EMD from threats that can jeopardize not only the confidentiality of employees and patients, but also the integrity of the entire healthcare system. Modern technologies and a number of information protection methods help in this, and the implementation of security policies plays a leading role in building solid data protection. But it must also be understood that technology is constantly evolving, and attacks are becoming more sophisticated. Therefore, it is important for MOs not only to implement existing solutions, but also to regularly monitor new trends in cybersecurity, which requires continuous training, adaptation and an active approach to risk management.

References

1. Positive Technologies. Results of investigations of information security incidents in 2021-2023. URL: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/outcomes-of-IS-incidentinvestigations-in-2021-2023-years.pdf (date of access: 04/05/2025).
2. Positive Technologies. Current cyber threats for organizations: results of 2023. URL: https://www.ptsecurity.com/ru/research/analytics/aktualnyekiberugrozy-dlya-organizacij-itogi-2023-goda / (date of access: 04/05/2025).
3. Malinina E. V., Dubinkin V. A., Markova N. Yu., Kichko I. S. Application of digital technologies in practical healthcare // Bulletin of New Medical Technologies. Electronic edition. 2024. No. 2. pp. 98-107. (date of access: 04/05/2025).
4. Rhysida Ransomware / U.S. Department of Health and Human Services, Health Sector Cybersecurity Coordination Center. URL: https://www.hhs.gov/sites/default/files/rhysida-ransomware-sector alerttlpclear.pdf#:~:text=URL%3A%20https%3A%2F%2Fwww.hhs.gov%2Fsites%2Fdefault %2Ffiles%2Frhysida (date of access: 05.05.2024).
5. Lyubaeva D. Y. Legal aspects of personal data protection in medical institutions // Contentus. 2022. No. 9 (122). pp. 57-63.
6. Kozlova M. D., Ogarkov A. I., Kuznetsov I. A., Zalomsky A. S., Rubin I. M. The impact of digitalization on improving the operational efficiency of medical business: trends and trends examples // Competitiveness in the global world: economics, science, technology. 2024. No. 5(3). pp. 250-257.
7. Averyanov V. S., Kartsan I. N. Digital transformation of state institutions // Modern innovations, systems and technologies. 2024. No. 2. pp. 90-101.