CLOUD SECURITY FOR HEALTHCARE SERVICES

European Union Agency for Cybersecurity, ENISA (January 2021)

The overall conclusion derived from the study, is that Cloud integration in the healthcare sector in the EU is still in its infancy. Some healthcare organisations hesitate to adopt Cloud services, because they are challenged by a dense and complex legal basis, and new technologies. Furthermore, the loss of data governance and processing of personal data in the Cloud makes healthcare organisations hesitant to adopt Cloud services. Other healthcare organisations use PaaS for connecting medical devices with a web-application for remote monitoring of patients or SaaS for documentation and scheduling doctor-patient consultations.

Some countries are in the beginning of forming a Government Cloud (G-Cloud) to satisfy such needs. There are also various government managed services such as electronic prescription and electronic health records, which run on government-owned resources, such as private Clouds and state owned datacentres and Clouds.

The study is structured around three use cases, which are the most prominent in using Cloud or to be using in the future, namely Electronic Health Record, Remote Care and Medical Devices. A set of 17 security and data protection measures has been identified to be relevant for ensuring Cloud security and have been assessed based on the use case.

Download (1.9 MB)

25 Jan 2021

Kategorie: Report