The scope and governance model of eHealth services may vary in the Member States (MS); it might be implemented as centralised or even decentralised and may be extended, offering cross-border services. Additionally, critical assets identification in the healthcare systems and infrastructures may be based on different criteria, such as business continuity, data security and integrity, services availability, eHealth security policy and legislation. Moreover usual practices, cyber security challenges, approaches to mitigate risks, and requirements for the eHealth infrastructures may converge, diverge or be inadequate.
The aim of this study is to investigate the approaches and measures MS take to protect critical healthcare systems, having as a main goal improved healthcare and patient safety. In that respect this study analyses:
- The policy context in Europe and the legislation of the Member States
- The perception of the Member States on critical assets in eHealth infrastructures
- The most important security challenges
- The most common security requirements
- Relevant good practices that have been deployed in the MS for eHealth security
Cyber security incidents affecting eHealth services and infrastructures cause great impact. As a result this study focuses on the availability, continuity and resilience of these systems and infrastructures. Issues like data integrity, data protection and data confidentiality are always important when we talk about eHealth, however this study aims at presenting another side of the same coin. It is important to analyse these systems from the availability and resilience angle to understand how great the societal impact could be should, for example, a network supporting 3-4 regional hospitals not be available.
Download: Security and Resilience in eHealth: Security Challenges and Risks (.pdf, 2.226 KB).
Download from eHealthNews.eu: Security and Resilience in eHealth: Security Challenges and Risks (.pdf, 2.226 KB).