Open inter­faces, outdated technology and different interests: IT security in the health sector is a complex topic, after all it is about the needs and safety of the patient. A major problem is the lack of regulation on the part of author­ities such as the Federal Institute for Drugs and Medical Technology and the Federal Office for Infor­mation Security — currently there are only recom­men­da­tions but no binding guidelines.

The Federal Office for Infor­mation Security (BSI), the Federal Institute for Drugs and Medical Devices (BfArM) and gematik are the competent author­ities for IT security of medical devices in Germany. It must be ensured that unautho­rised persons cannot use the IT in medical devices and systems against the patient and that compo­nents and systems are only open to autho­rised persons. Companies special­ising in IT security, such as SRC Security Research & Consulting GmbH from Bonn, can help here. Regulation is necessary to create security standards — although a sense of proportion is needed here. Because over-regulation can also cause damage.

Under the title “IT Security in the Healthcare Sector: Regulation is necessary and overdue” (german), the magazine “all about security” gave Randolf-Heiko Skerka, Head of IS Management at SRC Security Research & Consulting GmbH, the oppor­tunity to comment comprehensively.

If you are inter­ested, we would be pleased to hear from you.