The IT Security working group has been working on the existing challenges in the area of IT security for the entire diagnostics industry since 2016. It was initially founded as an ad hoc working group and has since published two papers that are essential for IT security in companies: the IT Product Security Whitepaper Template with the aim of supporting companies in the procurement and selection process of diagnostics software components and providing customers with secure installation, configuration, maintenance and operation of medical devices and the VDGH position on the topic of "IT security of IVD devices, including legacy systems in the hospital and laboratory environment". The paper provides guidance on the measures that users in hospitals and laboratories should take to maintain the security and essential performance of IVD products.
The working group, which is made up of IT product/solutions managers, product security managers and software developers, among others, attaches particular importance to the VDGH member companies learning from each other in this area and thus reducing vulnerabilities in the systems. The topic has become increasingly relevant in recent years in particular. More and more measures in the field of IT security are necessary for product safety in order to enable the safe operation of diagnostic devices. Among other things, this involves the confidentiality of patient data, the integrity of the medical device, i.e. that the devices function as intended, and the operational readiness of the product. To achieve product safety, diagnostic devices must be correctly developed, implemented and tested - and they must be installed, configured, maintained and operated as intended. If any of these aspects are not observed, product safety can be compromised, which can have serious consequences for safety.
