Cyber Strategy
Cyber Secure
Cyber Operations
Cyber Response
Cyber ResilienceIn May 2024, the Department of Health (DoH) in Abu Dhabi unveiled the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) Version 2.0. This updated framework reinforces their continued effort in the protection and management of healthcare data across the emirate. As healthcare continues to evolve in the digital age, so too must the measures that safeguard sensitive patient information. Here’s a look at what’s new in ADHICS v2.0 and how it aims to enhance cybersecurity within the healthcare sector.
- The Cloud
One of the standout updates in ADHICS v2.0 is the formal acknowledgment of cloud services for storing and processing healthcare data within the UAE. Recognizing global giants like Amazon Web Services and Microsoft Azure, the standard allows healthcare providers to leverage the scalability and flexibility of cloud technologies. However, this comes with stringent guidelines: cross-border data transfers are tightly controlled and require explicit exemptions from relevant health authorities. This move ensures that while technology adoption is encouraged, patient data remains securely within the nation’s digital borders. - Tiered Compliance
ADHICS v2.0 introduces a nuanced, tiered approach to compliance, recognizing that healthcare entities vary greatly in size, complexity, and risk exposure. The standard now categorizes controls into three distinct levels:
- Basic Controls: Foundational cybersecurity measures that every healthcare entity must implement. These controls focus on critical threats and must be implemented within six months of the standard’s release.
- Transitional Controls: Designed for medium-sized facilities such as hospitals with 1-20 beds and specialized medical centres, these controls build on the basics to offer more comprehensive protection.
- Advanced Controls: Targeting larger institutions like hospitals with over 21 beds and insurance providers, these controls address sophisticated threats and ensure that high-risk entities maintain robust defence mechanisms.
3. Policy Development
ADHICS v2.0 mandates the development or updating of over 15 critical policies, including those related to Access Control and Incident Management. The implementation of these policies is structured in phases, starting with Basic Controls and progressively incorporating more advanced measures. This phased approach is aimed at allowing organizations to methodically enhance their cybersecurity posture without overwhelming their operational capabilities.
In Summary…
ADHICS v2.0 introduces transformative changes to healthcare cybersecurity in Abu Dhabi. It now embraces cloud technologies within regulated boundaries, ensuring data sovereignty while leveraging modern infrastructure.
The tiered compliance framework aligns security controls to the specific needs of organizations based on their size and complexity, promoting scalable and effective protection. Additionally, the specifications to policy development ensures that organizations can maintain a standard inventory f documents and strengthen their cybersecurity foundations. Collectively, these updates position ADHICS v2.0 as a forward-thinking standard, aligning healthcare cybersecurity with global best practices while addressing local regulatory needs.
In May 2024, the Department of Health (DoH) in Abu Dhabi unveiled the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) Version 2.0. This updated framework reinforces their continued effort in the protection and management of healthcare data across the emirate. As healthcare continues to evolve in the digital age, so too must the measures that safeguard sensitive patient information. Here’s a look at what’s new in ADHICS v2.0 and how it aims to enhance cybersecurity within the healthcare sector.
- The Cloud
One of the standout updates in ADHICS v2.0 is the formal acknowledgment of cloud services for storing and processing healthcare data within the UAE. Recognizing global giants like Amazon Web Services and Microsoft Azure, the standard allows healthcare providers to leverage the scalability and flexibility of cloud technologies. However, this comes with stringent guidelines: cross-border data transfers are tightly controlled and require explicit exemptions from relevant health authorities. This move ensures that while technology adoption is encouraged, patient data remains securely within the nation’s digital borders. - Tiered Compliance
ADHICS v2.0 introduces a nuanced, tiered approach to compliance, recognizing that healthcare entities vary greatly in size, complexity, and risk exposure. The standard now categorizes controls into three distinct levels:
- Basic Controls: Foundational cybersecurity measures that every healthcare entity must implement. These controls focus on critical threats and must be implemented within six months of the standard’s release.
- Transitional Controls: Designed for medium-sized facilities such as hospitals with 1-20 beds and specialized medical centres, these controls build on the basics to offer more comprehensive protection.
- Advanced Controls: Targeting larger institutions like hospitals with over 21 beds and insurance providers, these controls address sophisticated threats and ensure that high-risk entities maintain robust defence mechanisms.
3. Policy Development
ADHICS v2.0 mandates the development or updating of over 15 critical policies, including those related to Access Control and Incident Management. The implementation of these policies is structured in phases, starting with Basic Controls and progressively incorporating more advanced measures. This phased approach is aimed at allowing organizations to methodically enhance their cybersecurity posture without overwhelming their operational capabilities.
In Summary…
ADHICS v2.0 introduces transformative changes to healthcare cybersecurity in Abu Dhabi. It now embraces cloud technologies within regulated boundaries, ensuring data sovereignty while leveraging modern infrastructure. The tiered compliance framework aligns security controls to the specific needs of organizations based on their size and complexity, promoting scalable and effective protection. Additionally, the specifications to policy development ensures that organizations can maintain a standard inventory f documents and strengthen their cybersecurity foundations. Collectively, these updates position ADHICS v2.0 as a forward-thinking standard, aligning healthcare cybersecurity with global best practices while addressing local regulatory needs.
See also:
Dubai