A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit <a rel="external noopener" href="https://dspace.flinders.edu.au/xmlui/bitstream/handle/2328/37726/Anderson_Cybersecurity%20_AM2017.pdf;jsessionid=FC5DE970B5F51708565A093BA20E7D79?sequence=1">the original URL</a>. The file type is <code>application/pdf</code>.
<i title="Elsevier BV">
<a target="_blank" rel="noopener" href="https://fatcat.wiki/container/dbwr63m6x5cg5aarov3i7yfe4u" style="color: black;">Computer Standards & Interfaces</a>
Highlights:
An analysis of technical guidance for cybersecurity of ISO 80001-2-8 is presented.
ISO 80001-2-8 technical security controls have significant gaps in areas.
ISO 80001-2-8 presents an effective baseline for cybersecurity of medical devices.

ABSTRACT
Medical devices, in the case of malfunction, can have a tangible impact on patient safety. Their security, in a world where the Internet of Things has become a reality, is paramount to the continued safety of patients who are dependent on these devices. The international standard ISO/IEC 80001 (Application of risk management for IT-networks incorporating medical devices) presents a unified and amalgamated approach to the safety of medical devices connected to IT networks. Whilst this standard presents a guide for security and risk management in health delivery organisations, its effectiveness with regard to contemporary cybersecurity is unknown. This research employed a structured review process to compare and analyse the ISO/IEC 80001 technical controls standards (ISO/IEC 80001-2-2 and ISO/IEC 80001-2-8) with contemporary cybersecurity best practice, guidelines and standards. The research deconstructed the technical controls and drew links between these standards and cybersecurity best practice to assess the level of harmonisation. Subsequently, a deeper analysis identified the areas of omission, coverage, addition or improvement that may impact the effectiveness of ISO/IEC 80001 to provide effective cybersecurity protection. ISO/IEC 80001 aims to provide a minimal level of cybersecurity; however, this research demonstrates that there are deficiencies in the standard and identifies the important aspects of cybersecurity that could be improved. This situation has arisen due to the rapidly evolving nature of the cybersecurity environment and the protracted time to revise and republish international standards. This research identified several areas that require urgent consideration, including Emergency Access, Health Data De-Identification, Physical Locks on Devices, Data Backup, Disaster Recovery, Third-Party Components in Product Lifecycle Roadmap, Transmission Confidentiality, and Transmission Integrity. The research will provide health delivery organisations implementing ISO/IEC 80001 with assurance as to the level of protection supplied by the ISO/IEC 80001 standard, and identify the areas that may need enhancement to increase cybersecurity protection and consequently increase patient safety.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1016/j.csi.2017.10.001">doi:10.1016/j.csi.2017.10.001</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/phlnmqcvtfdmtjuuswbska3gjq">fatcat:phlnmqcvtfdmtjuuswbska3gjq</a> </span>
Further, the outcomes are expected to influence development of the related international standard,