DSI Publications

The healthcare industry is undergoing great technological transformations. Hospitals are going digital and medical devices – whether implanted in patients’ bodies or stationed in hospitals – are equipped with increasing computing power and wireless connectivity. Connected healthcare can offer safer, more efficient, and timely medical service delivery. It also presents great economic opportunities – according to a Roland Berger consultancy firm study, the digital healthcare market is set to grow at average annual growth rates of 21 percent until 2020. Yet, the integration of computing and communication technologies in safety-critical medical systems will expose them to the same network and information security (cyber security) threats as other information technology (IT) systems. Research and real-world incidents have shown that IT security risks in healthcare are systemic. Cyber attacks’ impact on the privacy of patient data has already been established. More recently, their potential impact on patient health and safety has been raising concerns for healthcare organizations, regulators, and medical device manufacturers alike. The management and governance of related risks requires comprehensive standardization, regulation, and best practices to encompass both IT security and safety. DSI has analyzed the convergence of safety and security risks in healthcare and the Internet of Things through a review of the relevant literature, as well as expert interviews and a workshop with representatives from health organizations, medical device manufacturers, IT security experts, safety engineers, regulators, and certification bodies. On this basis, DSI has developed recommendations for policy and industry, which are presented by this paper after a short analysis of the current status of security in connected healthcare.

In April 2017, the Digital Society Institute hosted a workshop entitled "How secure is free software? Security record of open source and free software." The report summarizes the findings of the workshop and gives recommendations for companies and public agencies as well as policy recommendations.

The DSI has carried out stakeholder workshops with the automotive sector, mobility digital startups, automotive insurers, and vehicle inspectors and, on this basis, has developed the recommendations for safety, security and data policy in automotive IT. The car of the future will collect a wide range of data. Ownership and usage of those data must be clarified, and legal and technical characteristics have to be established in order to endure data protection, data security, vehicle safety, and a fair market.

This issue contains German text and English translation in one file.