Table 3

The 18 indicators to evaluate risk management, including the priority and complexity of each indicator

SubgroupIndicatorPriorityComplexity
Performance of connected medical devicesNo of residual risks identifiedEmbedded ImageEmbedded Image
No of risk control measures*Embedded ImageEmbedded Image
No of probable risks identifiedEmbedded ImageEmbedded Image
No of potential risks identifiedEmbedded ImageEmbedded Image
Effectiveness of connected medical devicesNo of incidents in which data was lostEmbedded ImageEmbedded Image
No of incidents in which the required information technology (IT) service was not availableEmbedded ImageEmbedded Image
No of emergency operations caused by the connection to the IT network*Embedded ImageEmbedded Image
No of incidents in which patient data were not availableEmbedded ImageEmbedded Image
No of errors in patient data caused by the connection to the IT networkEmbedded ImageEmbedded Image
Technical infrastructureAverage age of medical devices which are connected to IT networkEmbedded ImageEmbedded Image
No of malfunctions of medical devices which are connected to IT networkEmbedded ImageEmbedded Image
No of failures of the medical IT network*Embedded ImageEmbedded Image
No of deliberate actsNo of data thefts and data protection incidents*Embedded ImageEmbedded Image
No of blackmail attemptsEmbedded ImageEmbedded Image
No of hacker attacksEmbedded ImageEmbedded Image
No of unauthorised or undetected connectionsEmbedded ImageEmbedded Image
No of malware activities (Trojans, worms, viruses, etc)Embedded ImageEmbedded Image
No of unauthorised data changes and accessesEmbedded ImageEmbedded Image
  • *Indicators evaluated in the case study.