Press release
Having received official recognition, TÜVIT is now carrying out tests in accordance with BSI TR-03161. The technical guideline serves as a guide for manufacturers of applications in the healthcare sector when creating secure solutions.
Pulse and heart rate recordings, sleep data or medication schedules: health applications store and process a lot of personal and sensitive data. If this data falls into the hands of attackers, it can have serious consequences - both for users and manufacturers. This makes it all the more important to provide the best possible protection against data theft or misuse.
With the successful recognition according to BSI TR-03161, TÜV Informationstechnik (TÜVIT) now offers manufacturers of applications in the healthcare sector tests according to the security requirements of the technical guideline. The aim of the TR is to protect the confidentiality, integrity and availability of sensitive data collected by healthcare applications. BSI TR-03161 therefore contains a series of minimum requirements for the IT security of mobile applications, web applications and background systems in the healthcare sector. However, it can also be seen as a guideline for all applications that store or process sensitive data.
In accordance with TR-03161, TÜVIT's IT security experts check, among other things, the purpose, architecture, source code, cryptographic implementation and data security of the relevant applications. For example, they check that the healthcare application does not collect or process any data that does not serve its legitimate purpose, and examine whether IT security is treated as an integral part of the software development and life cycle. In addition to the test aspects, TR-03161 also describes typical threat scenarios. To determine how resilient applications are to these scenarios, experienced pentesters from TÜVIT carry out targeted vulnerability analyses and penetration tests.
If a healthcare application fulfils the requirements of BSI TR-03161, the Federal Office for Information Security (BSI) issues the desired certificate.
For manufacturers and operators of digital health applications (DiGA), the certificate in accordance with BSI TR-03161 is also one of the necessary prerequisites for being included in the list of reimbursable digital health applications.
TÜV Informationstechnik GmbH (headquartered in Essen, Germany) is a renowned IT security service provider and an independent testing institute and laboratory for IT security and cyber security in the context of digitalisation. TÜVIT has been accredited worldwide since 1995 and creates trust in security measures at the level of business processes, data, applications and technologies through vulnerability analyses, audits and evaluations. TÜVIT is a powerful partner in detecting and responding to cyber attacks and ensures the rapid restoration of business capability. In this way, businesses, public authorities and operators of critical infrastructures strengthen their regulatory compliance in the areas of confidentiality, integrity and availability, as well as their holistic cyber resilience and IT security in the supply chain.
Together with ALTER TECHNOLOGY, TÜVIT forms the Digital & Semiconductor business unit. The business unit is a key pillar of the TÜV NORD GROUP, a knowledge company that has stood for security and trust worldwide for over 150 years. Engineers and IT security experts in more than 100 countries ensure that companies become even more successful in the networked world.