卫生部门的物联网网络安全:了解适用的法律框架

IF 3.3 3区 社会学 Q1 LAW
Federica Casarosa
{"title":"卫生部门的物联网网络安全:了解适用的法律框架","authors":"Federica Casarosa","doi":"10.1016/j.clsr.2024.105982","DOIUrl":null,"url":null,"abstract":"<div><p>Although the digitalisation of healthcare is an ongoing process that dates back to more than two decades ago, it has gained more momentum with the COVID-19 pandemic. Recent developments in this sector include the adoption of wearable devices based on Internet of Things technology. The possibility of connecting devices that can work outside the physical boundaries of a hospital and follow patients at home, i.e. during their day-to-day life, has several obvious advantages. However, the digitalisation of the health sector through increased adoption of connected devices does not exclude vulnerabilities, particularly risks concerning the protection of patients’ data and the security of networks and information systems. Connected devices can gather, process, and store personal patient health data. Failure to safeguard the integrity and security of these data may affect the patients’ identity and finances and put their lives at risk. The presence of an IoT device in a healthcare setting may affect and reduce the level of network security of the overall system as it may provide an access point for an unlawful hacking attack. Although IoT technologies in the health sector are becoming increasingly pervasive, the European legal framework applicable to them is not clearly defined. This is extremely relevant in the case of cybersecurity, where the legal point of reference is the General Data Protection Regulation, addressing the measures and requirements applicable in case of data breaches, and the Medical Device Regulation, providing provisions focused on the security of data relevant to IoT defined as medical devices. The most recent interventions that address health data processing and cybersecurity are the proposed Cyber Resilience Act and the Health Data Space Regulation. The two acts provide measures and requirements applicable to IoT from two perspectives. Yet, they add complexities and some inconsistencies that may hamper the effectiveness of the overall cybersecurity framework.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"53 ","pages":"Article 105982"},"PeriodicalIF":3.3000,"publicationDate":"2024-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Cybersecurity of Internet of Things in the health sector: Understanding the applicable legal framework\",\"authors\":\"Federica Casarosa\",\"doi\":\"10.1016/j.clsr.2024.105982\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Although the digitalisation of healthcare is an ongoing process that dates back to more than two decades ago, it has gained more momentum with the COVID-19 pandemic. Recent developments in this sector include the adoption of wearable devices based on Internet of Things technology. The possibility of connecting devices that can work outside the physical boundaries of a hospital and follow patients at home, i.e. during their day-to-day life, has several obvious advantages. However, the digitalisation of the health sector through increased adoption of connected devices does not exclude vulnerabilities, particularly risks concerning the protection of patients’ data and the security of networks and information systems. Connected devices can gather, process, and store personal patient health data. Failure to safeguard the integrity and security of these data may affect the patients’ identity and finances and put their lives at risk. The presence of an IoT device in a healthcare setting may affect and reduce the level of network security of the overall system as it may provide an access point for an unlawful hacking attack. Although IoT technologies in the health sector are becoming increasingly pervasive, the European legal framework applicable to them is not clearly defined. This is extremely relevant in the case of cybersecurity, where the legal point of reference is the General Data Protection Regulation, addressing the measures and requirements applicable in case of data breaches, and the Medical Device Regulation, providing provisions focused on the security of data relevant to IoT defined as medical devices. The most recent interventions that address health data processing and cybersecurity are the proposed Cyber Resilience Act and the Health Data Space Regulation. The two acts provide measures and requirements applicable to IoT from two perspectives. Yet, they add complexities and some inconsistencies that may hamper the effectiveness of the overall cybersecurity framework.</p></div>\",\"PeriodicalId\":51516,\"journal\":{\"name\":\"Computer Law & Security Review\",\"volume\":\"53 \",\"pages\":\"Article 105982\"},\"PeriodicalIF\":3.3000,\"publicationDate\":\"2024-05-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Law & Security Review\",\"FirstCategoryId\":\"90\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0267364924000499\",\"RegionNum\":3,\"RegionCategory\":\"社会学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"LAW\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Law & Security Review","FirstCategoryId":"90","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0267364924000499","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}
引用次数: 0

摘要

尽管医疗保健数字化是一个持续的过程,可以追溯到二十多年前,但随着 COVID-19 大流行的发生,这一过程获得了更大的发展势头。该领域的最新发展包括采用基于物联网技术的可穿戴设备。这些设备可以在医院的物理边界之外工作,并在家中,即在患者的日常生活中对其进行跟踪。然而,通过更多地采用联网设备实现医疗行业数字化的同时,也不排除存在一些漏洞,特别是与患者数据保护以及网络和信息系统安全有关的风险。联网设备可以收集、处理和存储患者的个人健康数据。如果不能保护这些数据的完整性和安全性,可能会影响患者的身份和财务状况,并危及他们的生命。物联网设备在医疗环境中的存在可能会影响和降低整个系统的网络安全水平,因为它可能会成为非法黑客攻击的接入点。虽然物联网技术在医疗领域日益普及,但适用于这些技术的欧洲法律框架却没有明确规定。这一点与网络安全极为相关,在网络安全方面,法律参考点是《通用数据保护条例》和《医疗设备条例》,前者涉及数据泄露时适用的措施和要求,后者规定的重点是被定义为医疗设备的物联网相关数据的安全性。针对健康数据处理和网络安全的最新干预措施是拟议的《网络复原力法》和《健康数据空间条例》。这两项法案从两个角度提供了适用于物联网的措施和要求。然而,它们增加了复杂性和一些不一致性,可能会妨碍整个网络安全框架的有效性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Cybersecurity of Internet of Things in the health sector: Understanding the applicable legal framework

Although the digitalisation of healthcare is an ongoing process that dates back to more than two decades ago, it has gained more momentum with the COVID-19 pandemic. Recent developments in this sector include the adoption of wearable devices based on Internet of Things technology. The possibility of connecting devices that can work outside the physical boundaries of a hospital and follow patients at home, i.e. during their day-to-day life, has several obvious advantages. However, the digitalisation of the health sector through increased adoption of connected devices does not exclude vulnerabilities, particularly risks concerning the protection of patients’ data and the security of networks and information systems. Connected devices can gather, process, and store personal patient health data. Failure to safeguard the integrity and security of these data may affect the patients’ identity and finances and put their lives at risk. The presence of an IoT device in a healthcare setting may affect and reduce the level of network security of the overall system as it may provide an access point for an unlawful hacking attack. Although IoT technologies in the health sector are becoming increasingly pervasive, the European legal framework applicable to them is not clearly defined. This is extremely relevant in the case of cybersecurity, where the legal point of reference is the General Data Protection Regulation, addressing the measures and requirements applicable in case of data breaches, and the Medical Device Regulation, providing provisions focused on the security of data relevant to IoT defined as medical devices. The most recent interventions that address health data processing and cybersecurity are the proposed Cyber Resilience Act and the Health Data Space Regulation. The two acts provide measures and requirements applicable to IoT from two perspectives. Yet, they add complexities and some inconsistencies that may hamper the effectiveness of the overall cybersecurity framework.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
5.60
自引率
10.30%
发文量
81
审稿时长
67 days
期刊介绍: CLSR publishes refereed academic and practitioner papers on topics such as Web 2.0, IT security, Identity management, ID cards, RFID, interference with privacy, Internet law, telecoms regulation, online broadcasting, intellectual property, software law, e-commerce, outsourcing, data protection, EU policy, freedom of information, computer security and many other topics. In addition it provides a regular update on European Union developments, national news from more than 20 jurisdictions in both Europe and the Pacific Rim. It is looking for papers within the subject area that display good quality legal analysis and new lines of legal thought or policy development that go beyond mere description of the subject area, however accurate that may be.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信