Title: Cybersecurity of Internet of Things in the health sector: Understanding the applicable legal framework
Author: Federica Casarosa
Journal: Computer Law & Security Review, Volume 53, Article 105982
DOI: 10.1016/j.clsr.2024.105982
Publication date: 2024-05-10 (Journal Article)
URL: https://www.sciencedirect.com/science/article/pii/S0267364924000499
Open access: no
JCR: Q1 (Law); journal impact factor 3.3
Citations: 0
Abstract
Although the digitalisation of healthcare is an ongoing process that dates back to more than two decades ago, it has gained more momentum with the COVID-19 pandemic. Recent developments in this sector include the adoption of wearable devices based on Internet of Things technology. The possibility of connecting devices that can work outside the physical boundaries of a hospital and follow patients at home, i.e. during their day-to-day life, has several obvious advantages. However, the digitalisation of the health sector through increased adoption of connected devices does not exclude vulnerabilities, particularly risks concerning the protection of patients’ data and the security of networks and information systems. Connected devices can gather, process, and store personal patient health data. Failure to safeguard the integrity and security of these data may affect the patients’ identity and finances and put their lives at risk. The presence of an IoT device in a healthcare setting may affect and reduce the level of network security of the overall system as it may provide an access point for an unlawful hacking attack. Although IoT technologies in the health sector are becoming increasingly pervasive, the European legal framework applicable to them is not clearly defined. This is extremely relevant in the case of cybersecurity, where the legal point of reference is the General Data Protection Regulation, addressing the measures and requirements applicable in case of data breaches, and the Medical Device Regulation, providing provisions focused on the security of data relevant to IoT defined as medical devices. The most recent interventions that address health data processing and cybersecurity are the proposed Cyber Resilience Act and the Health Data Space Regulation. The two acts provide measures and requirements applicable to IoT from two perspectives. Yet, they add complexities and some inconsistencies that may hamper the effectiveness of the overall cybersecurity framework.
Journal description:
CLSR publishes refereed academic and practitioner papers on topics such as Web 2.0, IT security, identity management, ID cards, RFID, interference with privacy, Internet law, telecoms regulation, online broadcasting, intellectual property, software law, e-commerce, outsourcing, data protection, EU policy, freedom of information, computer security and many other topics. In addition, it provides a regular update on European Union developments and national news from more than 20 jurisdictions in both Europe and the Pacific Rim. It is looking for papers within the subject area that display good-quality legal analysis and new lines of legal thought or policy development that go beyond mere description of the subject area, however accurate that may be.