Abstract
Hospitals are indispensable institutions for public healthcare and part of society’s critical infrastructures. The increasing use of information technology and networks creates new dependencies and risks that could affect medical service availability. A systematic analysis of risks associated with IT will help to determine the risks for critical processes caused by IT disruptions or failures.
This paper outlines a practical risk analysis approach with focus on the risks associated with the dependency on hospital IT. The method was developed within the project “Risk analysis hospital IT” (“Risikoanalyse Krankenhaus-IT”, RiKrIT) launched by the Federal Office for Security in Information Technology (BSI), the Federal Office for Civil Protection and Disaster Assistance (BBK), the Senate Department for Health, Environment and Consumer Protection of the State of Berlin, and the Unfallkrankenhaus Berlin (ukb).
© 2013 Springer Fachmedien Wiesbaden
Cite this chapter
Eckstein, L., Kraft, R. (2013). A Practical Approach for an IT Security Risk Analysis in Hospitals. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_19
DOI: https://doi.org/10.1007/978-3-658-03371-2_19
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-03370-5
Online ISBN: 978-3-658-03371-2
eBook Packages: Computer Science (R0)