Risk Classification of Data Transfer in Medical Systems

Rosenbrand, Dagmar; de Weerd, Rob; Bothe, Lex; Baalbergen, Jan Jaap

doi:10.1007/978-3-319-24255-2_18

Dagmar Rosenbrand¹⁵,
Rob de Weerd¹⁶,
Lex Bothe¹⁵ &
…
Jan Jaap Baalbergen¹⁵

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9337))

Included in the following conference series:

International Conference on Computer Safety, Reliability, and Security

1491 Accesses

Abstract

Nowadays, the hospital IT network is increasingly used to transport data between medical devices and information systems. The increase in network integration and the importance of the transported data results in high dependency on the IT network in the clinical setting. Until now, risk classification methods focused on two individual components of a medical system: medical devices and medical software. In this paper, we present a tool to classify patient safety risks of data transfer in medical systems by indicating the dependency on the IT network. The new method shifts the focus from separate components to the intended use of the entire system. It supports communication about risks and enables us to link risk analysis techniques and safety measures to the classification. The tool can be used in the design phase and is the start of a risk management process to secure safe use of a medical system.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Volkskrant (2014). http://www.volkskrant.nl/dossier-zorg/risico-uitval-draadloos-netwerk-in-zorginstellingen-onderschat~a3633074/
Hanuscak, T.L., Szeinback, S.L., Seoane-Vazquez, E., Reichert, B.J., McCluskey, C.F.: Evaluation of causes and frequency of medication errors during information technology downtime. Am. J. Health Syst. Pharm. 66(12), 1119–1125 (2009)
Article Google Scholar
Campbell, E.M., Sittig, D.N., Guappone, K.P., Dykstra, R.H., Ash, J.S.: Overdependence on technology: an unintended adverse consequence of computerized provider order entry. In: AMIA Annual Symposium Proceedings, pp. 94–98 (2007)
Google Scholar
Sittig, D.F., Singh, H.: Defining health information technology-related errors: new developments since to err is human. Arch. Intern. Med. 171(14), 1281–1284 (2011)
Article Google Scholar
Skipr (2014). http://www.skipr.nl/actueel/id18982-ziekenhuis-weinig-alert-op-cybersecurity.html
Telegraph (2014). http://www.telegraph.co.uk/news/science/science-news/11212777/Terrorists-could-hack-pacemakers-like-in-Homeland-say-security-experts.html
Volkskrant (2013). http://www.volkskrant.nl/dossier-archief/hoe-hackers-ons-in-het-hart-raken~a3537587/
Austrian Times (2012). http://austriantimes.at/news/General_News/2012-12-01/45780/Patient%20hackers%20managed%20to%20dial%20a%20drug%20in%20hospital
The Economist (2014). http://www.economist.com/news/special-report/21606416-companies-markets-and-countries-are-increasingly-under-attack-cyber-criminals
Halperin, D., Heydt-Benjamin, T.S., Ransford, B., Clark, S., Defend, B., Morgan, W., Fu, K., Kohno, T., Maisel, W.H.: Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses. Computer Science Department Faculty Publication Series. Paper 68 (2008)
Google Scholar
Himss: Himss System Risk Analysis Survey Report (2012)
Google Scholar
European Commission DG Health and Consumers: Medical Devices: Directive 93/42/EEC
Google Scholar
European Parliament and Council of the European Union: Medical Devices: Guidance Document – Classification of Medical Devices MEDDEV 2.4/1 Rev. 9 (2010)
Google Scholar
Ekker, A., van Rest, B.: Medische apps, is certificeren nodig? Nictiz (2013)
Google Scholar
International Electrotechnical Commission (IEC): International Standard IEC 80001-1: Application of Risk Management for IT-networks Incorporating Medical Devices – Part 1: Roles, responsibilities and activities (2010)
Google Scholar
NEderlandse Norm (NEN): NEN7510:2011 Medische Informatica – Informatiebeveiliging in de Zorg (2011)
Google Scholar

Download references

Author information

Authors and Affiliations

Instrumentele Zaken, Leiden University Medical Center, Leiden, The Netherlands
Dagmar Rosenbrand, Lex Bothe & Jan Jaap Baalbergen
Directoraat ICT, Leiden University Medical Center, Leiden, The Netherlands
Rob de Weerd

Authors

Dagmar Rosenbrand
View author publications
You can also search for this author in PubMed Google Scholar
Rob de Weerd
View author publications
You can also search for this author in PubMed Google Scholar
Lex Bothe
View author publications
You can also search for this author in PubMed Google Scholar
Jan Jaap Baalbergen
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dagmar Rosenbrand .

Editor information

Editors and Affiliations

University of Technology, Delft, The Netherlands
Floor Koornneef
University of Huddersfield, Huddersfield, United Kingdom
Coen van Gulijk

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Rosenbrand, D., de Weerd, R., Bothe, L., Baalbergen, J.J. (2015). Risk Classification of Data Transfer in Medical Systems. In: Koornneef, F., van Gulijk, C. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science(), vol 9337. Springer, Cham. https://doi.org/10.1007/978-3-319-24255-2_18

Download citation

DOI: https://doi.org/10.1007/978-3-319-24255-2_18
Published: 25 November 2015
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24254-5
Online ISBN: 978-3-319-24255-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics