A Practical Approach for an IT Security Risk Analysis in Hospitals

Chapter in: ISSE 2013 Securing Electronic Business Processes

Abstract

Hospitals are indispensable institutions for public healthcare and part of society’s critical infrastructures. The increasing use of information technology and networks creates new dependencies and risks that could affect the availability of medical services. A systematic analysis of IT-related risks helps to determine which risks for critical processes are caused by IT disruptions or failures.

This paper outlines a practical risk analysis approach with a focus on the risks arising from the dependency on hospital IT. The method was developed within the project “Risk analysis hospital IT” (“Risikoanalyse Krankenhaus-IT”, RiKrIT), launched by the Federal Office for Security in Information Technology (BSI), the Federal Office for Civil Protection and Disaster Assistance (BBK), the Senate Department for Health, Environment and Consumer Protection of the State of Berlin, and the Unfallkrankenhaus Berlin (ukb).




Copyright information

© 2013 Springer Fachmedien Wiesbaden

Cite this chapter

Eckstein, L., Kraft, R. (2013). A Practical Approach for an IT Security Risk Analysis in Hospitals. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_19

  • DOI: https://doi.org/10.1007/978-3-658-03371-2_19

  • Publisher Name: Springer Vieweg, Wiesbaden

  • Print ISBN: 978-3-658-03370-5

  • Online ISBN: 978-3-658-03371-2

  • eBook Packages: Computer Science (R0)
