| Subgroup | Measure | Priority | Complexity |
|---|---|---|---|
| Organisation | External laws and regulations must be taken into account* | | |
| | The users must learn the network functions of the medical device* | | |
| | Information technology (IT) standards and frameworks [Control Objectives for Information and Related Technologies (COBIT), Information Technology Infrastructure Library (ITIL), etc] must be integrated* | | |
| | A professionally qualified risk manager must be appointed* | | |
| | Roles and tasks of the risk manager must be clearly defined* | | |
| | Roles and tasks of the manufacturers must be clarified* | | |
| | Roles and tasks of users must be defined* | | |
| | Responsible leadership must be appointed* | | |
| | Possible stakeholders must be identified and informed* | | |
| | Scopes must be defined* | | |
| | Risk management processes must be developed and implemented* | | |
| | Risk management activities must be evaluated regularly and improved if necessary | | |
| | Interface between medical technology and IT department must be ensured* | | |
| | A coordinated procurement process for medical devices must be established* | | |
| | Reporting to the responsible management must be implemented* | | |
| | A risk management file must be created* | | |
| | All networked medical devices/systems must be recorded and documented* | | |
| | A complete network description and documentation must be kept* | | |
| | Document guidance must be introduced* | | |
| Risk identification | Ask manufacturers about possible cyber risks of their medical device* | | |
| | Ask users what impact a medical device failure has* | | |
| | Ask the IT department about general IT threats | | |
| | Identify the purpose of the connection to the IT network and derive risk situations* | | |
| | Identify critical clinical areas and automatically assume critical networking there* | | |
| | Identify data flows completely and derive possible errors and effects | | |
| | Create or adapt hazard catalogue* | | |
| Risk analysis | Define risk matrix* | | |
| | Define probabilities of occurrence* | | |
| | Define implications for data and information security* | | |
| | Define impact for process effectiveness* | | |
| | Define implications for patient safety* | | |
| | Assess risks for each potential hazard* | | |
| | Document risk analyses and evaluations* | | |
| Risk minimisation | The medical IT network must be constantly monitored* | | |
| | Basic general IT security (eg, ISO 2700x) must be ensured* | | |
| | Incident and event management must be developed and implemented | | |
| | Implement network segmentations based on risk analysis | | |
| | Interface and communication standards (eg, HL7, DICOM) must always be applied* | | |
| | The technical infrastructure must be continuously kept at state of the art* | | |
| | Manual data processing procedures should be identified as possible workarounds* | | |
| | Risk-minimising measures must be regularly reviewed and documented | | |
| | Catalogue for risk-minimising measures must be created and implemented | | |
| Residual risks | Residual risks must be systematically assessed and justified | | |
| | Residual risks must be documented in an understandable manner | | |
| | Residual risks must always be accepted by top management* | | |
| Change management | Systematic change and configuration processes must be developed | | |
| | All changes and configurations must be approved by IT risk management* | | |
| | Frequent changes should be defined as standard processes (routine) | | |
| | Significant changes or new installations should be organised as a project* | | |
*Measures implemented in the case study.
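The "Risk analysis" and "Residual risks" subgroups together describe one procedure: define a risk matrix and a probability scale, define the impact on data and information security, process effectiveness and patient safety, assess each hazard from the hazard catalogue, document the result, and then assess, justify and have top management accept every residual risk after risk-minimising measures. The Python block below is an added worked example of that procedure; it is not the paper's tool and not part of the case study. The ordinal scales, the score bands of the matrix, the three sample hazards, their measures and the acceptance records are all constructed assumptions.

```python
"""Risk-matrix assessment across the three impact dimensions named in the table.
Added example; every scale, band, hazard and acceptance record is an assumption."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed ordinal scales (1 = lowest). A real programme defines its own.
PROBABILITY = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4}
IMPACT = {"negligible": 1, "minor": 2, "major": 3, "catastrophic": 4}
# The three impact dimensions listed under "Risk analysis".
DIMENSIONS = ("data_security", "process_effectiveness", "patient_safety")


def rating(prob_level: int, impact_level: int) -> str:
    """Assumed risk matrix: probability x worst-case impact, banded into three classes."""
    score = prob_level * impact_level
    if score >= 12:
        return "high"
    if score >= 6:
        return "medium"
    return "low"


@dataclass
class Hazard:
    hazard_id: str
    description: str
    probability: str
    impacts: Dict[str, str]                      # one entry per DIMENSIONS member
    measures: List[str] = field(default_factory=list)
    residual_probability: Optional[str] = None   # after measures; None = unchanged
    residual_impacts: Optional[Dict[str, str]] = None


def assess(prob: str, impacts: Dict[str, str]) -> dict:
    """Rate one hazard. All three dimensions must be defined, as the table requires."""
    missing = [d for d in DIMENSIONS if d not in impacts]
    if missing:
        raise ValueError(f"impact not defined for: {missing}")
    worst_dim = max(DIMENSIONS, key=lambda d: IMPACT[impacts[d]])
    p, worst = PROBABILITY[prob], IMPACT[impacts[worst_dim]]
    return {"probability": p, "worst_dimension": worst_dim, "impact": worst,
            "score": p * worst, "rating": rating(p, worst)}


def evaluate(h: Hazard) -> dict:
    """Initial assessment plus residual assessment after the listed measures."""
    initial = assess(h.probability, h.impacts)
    residual = initial
    if h.measures:
        residual = assess(h.residual_probability or h.probability,
                          h.residual_impacts or h.impacts)
    return {"hazard_id": h.hazard_id, "description": h.description,
            "initial": initial, "measures": list(h.measures), "residual": residual}


def build_register(hazards: List[Hazard]) -> List[dict]:
    """The documented risk analysis: one evaluated entry per hazard."""
    return [evaluate(h) for h in hazards]


def unaccepted_residuals(register: List[dict], acceptances: Dict[str, str]) -> List[str]:
    """Residual risks must always be accepted by top management: list the ones that are not.
    `acceptances` maps hazard_id -> acceptance record (assumed format)."""
    return [e["hazard_id"] for e in register if e["hazard_id"] not in acceptances]


# Constructed sample hazards (not from the case study).
SAMPLE_HAZARDS = [
    Hazard("H1", "Infusion pump loses its network link; dose orders no longer reach it",
           "possible",
           {"data_security": "negligible", "process_effectiveness": "major",
            "patient_safety": "catastrophic"},
           measures=["Segment the infusion-pump network", "Document a manual dosing workaround"],
           residual_probability="unlikely",
           residual_impacts={"data_security": "negligible", "process_effectiveness": "minor",
                             "patient_safety": "catastrophic"}),
    Hazard("H2", "Imaging modality sends DICOM studies over an unmonitored segment",
           "likely",
           {"data_security": "major", "process_effectiveness": "minor",
            "patient_safety": "negligible"},
           measures=["Continuous monitoring of the modality segment"],
           residual_probability="unlikely"),
    Hazard("H3", "Isolated patient monitor with outdated firmware",
           "rare",
           {"data_security": "minor", "process_effectiveness": "minor",
            "patient_safety": "minor"}),
]

if __name__ == "__main__":
    register = build_register(SAMPLE_HAZARDS)
    for entry in register:
        print(entry["hazard_id"], entry["initial"]["rating"], "->", entry["residual"]["rating"],
              "worst:", entry["residual"]["worst_dimension"])
    print("awaiting top-management acceptance:",
          unaccepted_residuals(register, {"H1": "signed 2024-01-15 (assumed record)"}))
```

The worst-case dimension drives the rating, so a hazard that is harmless for data security but catastrophic for patient safety stays "medium" even after its probability drops; the register keeps both the initial and the residual assessment so the justification for the remaining risk is traceable, and the acceptance check refuses to treat any residual risk as closed until top management has recorded it.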