Want to learn more about our solutions, use cases and best practices for attack defense? In our download area you will find product sheets, fact sheets, white papers and case studies.
What are the advantages of DiGA?
DiGA contribute to professional medical care, especially the detection, monitoring, treatment, or alleviation of illnesses and injuries. The applications are used either by the patient alone or together with the treating physician. For example, the applications enable more precise diagnostics through the continuous recording of health values. The course of the illness and the progress made towards recovery can be tracked and analyzed seamlessly. In practice, these applications also help the patient avoid unnecessary appointments with doctors, which reduces the overall effort needed for treatment.
DiGA data protection
As defined by the General Data Protection Regulation (GDPR), providers and operators of DiGA must ensure the integrity and confidentiality of the processed data. In order to guarantee this, data controllers must take suitable technical and organizational measures. These include data encryption or pseudonymization technologies. In accordance with the Digital Health Applications Ordinance (DiGAV) and similar to what is required under the rules governing health insurance funds (Section 80 SGB X), data must be processed locally in the Federal Republic of Germany, the member states of the EU, the contracting states of the Agreement on the European Economic Area (EEA) and Switzerland, or in states for which there is an adequacy decision in accordance with Article 45 GDPR. Processing of the data outside the EU is not permitted on the basis of Article 46 GDPR (standard contractual clauses) or Article 47 (binding corporate rules). Due to the invalidation of the Privacy Shield as a result of the Schrems II ruling of 2020, the processing of health data by contractors or service providers from the USA is no longer permitted.
How can DiGA be protected from cyber attacks?
The same methods that are used to protect other sensitive business processes apply to the protection of DiGA. Dedicated security systems designed to protect against DDoS attacks on the online platforms themselves and the server infrastructure behind them can be used to reliably defend against traffic flooding attacks across all relevant network layers. Automated access to the applications by bots should also be identified as such and blocked if necessary to effectively combat brute force, credential stuffing, or credential cracking. A professionally implemented WAF solution addresses the most common attack vectors for web applications and also allows operating companies to minimize the risk posed by any security gaps in the DiGA themselves. Continuous monitoring, regular security audits, and penetration tests round off the range of protective measures.
Myra is the specialist provider for the healthcare sector
Myra Security develops and operates highly certified protection solutions to secure digital business processes. As a specialist provider for sensitive and critical infrastructure, we have many years of experience protecting companies and organizations in the healthcare, finance, and insurance industries as well as in the critical infrastructure and government sectors. Customers in these highly regulated areas benefit from certified security and compliance with GDPR, IT-SiG, BSI-KRITIS, and industry-specific standards.