19.12.2016

ENISA: Report on Smart Hospitals and Smart Health Services/Infrastructures

ENISA: Smart Hospitals - Security and Resilience for Smart Health Service and Infrastructures (pdf)
This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals. Through the identification of assets and the related threats when IoT components are supporting a healthcare organisation, the report describes the Smart Hospital ecosystem and its specific objectives. Based on the analysis of documents and empirical data, and the detailed examination of attack scenarios found to be particularly relevant for smart hospitals, this document identifies mitigation techniques and good practices. [...]
Based on the analysis of documents and empirical data, and the detailed examination of attack scenarios found to be particularly relevant for smart hospitals, the study proposes key recommendations primarily for hospital executives. Namely, hospitals should:
  • Establish effective enterprise governance for cyber security
  • Implement state-of-the-art security measures
  • Provide specific IT security requirements for IoT components in the hospital
  • Invest in NIS products
  • Establish an information security sharing mechanism
  • Conduct risk assessment and vulnerability assessment
  • Perform penetration testing and auditing
  • Support multi-stakeholder communication platforms (ISACs)
The study also makes recommendations for industry representatives in order to enhance the level of information security in smart hospitals. Namely, industry players should:
  • Incorporate security into existing quality assurance systems
  • Involve third parties (healthcare organisations) in testing activities
  • Consider applying medical device regulation to critical infrastructure components
  • Support the adaptation of information security standards to healthcare [...]


Source: ENISA