ICT security certification opportunities in the healthcare sector



Recommendation numbered, Nº: 15042020p1

🔘 Book page to download: enisa.europa.eu/publications/healthcare-certification/at_download/fullReport


Digital solutions for healthcare open a plethora of new possibilities in this area. They provide a technical base for easy testing; they significantly improve the quality of service by allowing immediate access to medical data (results of tests, history of treatment); and they facilitate correct diagnosis through easier analytics and correlation of data and easier monitoring of patients’ health parameters. They facilitate setting up appointments with appropriate doctors at a convenient time. Some medical treatments can even be conducted online. Digitisation supports the promotion of a healthy lifestyle and can prevent diseases. Electronic healthcare solutions can be offered across borders, giving citizens the feeling of security in this respect.

However, in order for all stakeholders to fully trust electronic services and products, they must be properly designed, implemented in a cost-effective way and provide acceptable levels of security and privacy. According to the opinion published jointly in December 2016 by ENISA and European semiconductor producers, in general today we are seeing a market failure for cybersecurity and privacy: trusted solutions are more costly for suppliers and buyers are reluctant to pay a premium for security and privacy. […] The smart card world already knows the relevance and risks of physical attacks when devices are physically accessible to an attacker. With the rise of the Internet of Things (IoT) enabling cars, critical infrastructure, and health applications using the same pipes and systems to communicate, attacks will get even more risky and threatening.

The study takes a holistic approach in discussing effective baseline requirements for security and privacy in the networked architecture and value chain. It also proposes that the well-established Common Criteria related certification of security products has to be complemented by new schemes, adapted to the new challenges related to the Internet of Medical Things (a subset of IoT) and to the healthcare sector using this technology.


  • Introduction
      • Overview
      • Scope and objectives
      • Methodology
      • Baseline security requirements for products, services and processes
  • Healthcare systems
      • Overview
      • Healthcare Information Technology
      • Internet of Medical Things
      • Legislation in the area of healthcare
  • Healthcare Information Technology security
      • Assets
      • Threats
      • Security requirements for healthcare products and service
      • Additional considerations
  • Healthcare certification
      • Overview
      • Healthcare standards
      • Opportunities for certification
  • Recommendations
  • Bibliography
  • Annex A: Technical security requirements for IoT


[Unofficial biography. For informational purposes only]


ENISA (European Union Agency for Cybersecurity)

The European Union Agency for Cybersecurity (ENISA) has been working to make Europe cyber secure since 2004. The Agency is located in Athens, Greece, and has a second office in Heraklion, Greece. It provides recommendations on cybersecurity, supports policy development and its implementation, and collaborates with operational teams throughout Europe. ENISA contributes to securing Europe’s information society by raising awareness and by developing and promoting a culture of network and information security in society, thus contributing to the proper functioning of the internal market. The Agency works closely together with Member States and the private sector to deliver advice and solutions as well as improving their capabilities. This support includes inter alia: the pan-European Cybersecurity Exercises, the development and evaluation of National Cybersecurity Strategies, CSIRTs cooperation and capacity building, studies on IoT and smart infrastructures, addressing data protection issues, privacy enhancing technologies and privacy on emerging technologies, eIDs and trust services, identifying the cyber threat landscape, and others. (Source: enisa.europa.eu)
