Open interfaces, outdated technology and different interests: IT security in the health sector is a complex topic, after all it is about the needs and safety of the patient. A major problem is the lack of regulation on the part of authorities such as the Federal Institute for Drugs and Medical Technology and the Federal Office for Information Security — currently there are only recommendations but no binding guidelines.
The Federal Office for Information Security (BSI), the Federal Institute for Drugs and Medical Devices (BfArM) and gematik are the competent authorities for IT security of medical devices in Germany. It must be ensured that unauthorised persons cannot use the IT in medical devices and systems against the patient and that components and systems are only open to authorised persons. Companies specialising in IT security, such as SRC Security Research & Consulting GmbH from Bonn, can help here. Regulation is necessary to create security standards — although a sense of proportion is needed here. Because over-regulation can also cause damage.
Under the title “IT Security in the Healthcare Sector: Regulation is necessary and overdue” (german), the magazine “all about security” gave Randolf-Heiko Skerka, Head of IS Management at SRC Security Research & Consulting GmbH, the opportunity to comment comprehensively.
If you are interested, we would be pleased to hear from you.