Description
The use of telemedicine has significantly increased since the COVID-19 pandemic
and gradually becomes part of everyday medical practice. Along with technological
advancements, an increased use of cloud technology can be observed in the domain.
Because of the criticality of such systems, the demand of appropriate security is high. In
the European Union, large, equally complex and dynamic frameworks of laws regarding
medical devices and cybersecurity exist. Designing and implementing secure systems
for telemedicine in the cloud within this context can be a highly challenging task.
In this master’s thesis, the regulatory landscape for the domain of cloud based
telemedicine applications is analyzed and regulatory technical requirements, affecting
system design, are derivated. To validate the requirements for their feasibility, possi-
ble architectures, considering the state of the art of cybersecurity threats and cloud
technology, are presented.
The regulatory analysis indicates a complex and demanding legislative framework in
a dynamic situation, with many regulations planned in the near future. Nevertheless the
amount of domain specific technical requirements is minimal at the moment. Technical
security requirements have been defined and it was possible to show, that secure design
for telemedicine systems in the cloud within the regulatory context is possible, but still
includes a high amount of security awareness by the developer and operator.
|
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching