

June 12 - 14, 2017

Cybersecurity Challenges in Healthcare - Ethical, Legal and Social Aspects



The growing complexity of the digital ecosystem in combination with increasing global risks entails the danger that enforcing cybersecurity may bypass other fundamental values like equality, fairness or privacy, whereas downplaying cybersecurity would undermine citizens' trust and confidence in the digital infrastructure. This general problem is of particular relevance for the healthcare sector, where digitalization is strongly pushed for increasing the efficiency of the system. Many information and communication technology (ICT) applications in the health system work with sensitive personal data. Some particular services whose operation relies on ICT may have immediate and even fatal consequences for individuals if their cybersecurity has been compromised (e.g., life-sustaining systems in intensive care units). Other providers of critical infrastructure like power grids, the finance system as well as the military have developed a high sensitivity for cybersecurity-related issues in recent years. For the health system, however, a systematic approach for understanding threats like data theft, extortion, cybercrime, healthcare providers as potential targets for cyberterrorism, or collateral damage for medical institutions in cyberwar is missing. On the other hand, if implemented incorrectly and not adapted to the needs of medical personnel, cybersecurity may endanger the correct treatment of patients as well. In our workshop, we aim to create a comprehensive overview of cybersecurity issues in healthcare and their ethical, legal and social consequences. The workshop is embedded in a three-year Coordination and Support Action financed by the European Commission, backed by a consortium of 11 partners from seven European countries: the CANVAS Consortium (creating an alliance for value-sensitive cybersecurity).
The healthcare system is one of the three reference domains for which CANVAS aims to strengthen the ethical boundary conditions for responsible cybersecurity.

List of Participants



Ahmed Walid

Federal Office of Public Health, Switzerland

Endre Bangerter

Bern University of Applied Sciences, Switzerland

Alessandro Blasimme

University of Zurich, Switzerland

Markus Christen

University of Zurich, Switzerland

Jens Clausen

Freiburg University of Education, Germany

Martin Denz

Swiss Association for Telemedicine and E-Health, Switzerland

Josep Domingo-Ferrer

Universitat Rovira i Virgili, Tarragona, Catalonia

Patrick Dümmler

Health Tech Cluster Switzerland and Avenir Suisse, Switzerland

Kherif Ferath

CHUV Lausanne / Human Brain Project, Switzerland

Dominik Herrmann

University of Hamburg, Germany

Reto Inversini

Swiss Reporting and Analysis Centre for Information Assurance

David-Olivier Jaquet-Chiffelle

University of Lausanne, Switzerland

Lina Jasmontaite

Vrije Universiteit Brussel, Belgium

Bonnie Kaplan

Yale University, USA

David Krieger

University of Lucerne, Switzerland

Michele Loi

University of Zurich, Switzerland

Hannes Molsen

Drägerwerk AG & Co. KGaA, Germany

Kathrin Noack

SecUnity Project, Germany

Nicola Orlandi

Novartis, Switzerland

Bart Preneel

KU Leuven, Belgium

Andreas Reis

World Health Organization, Switzerland

Marc Ruef

Scip AG Zurich, Switzerland

Marcel Salathé

EPFL Lausanne, Switzerland

Carsten Stahl

De Montfort University, United Kingdom

Mariarosaria Taddeo

University of Oxford, United Kingdom

Yung Shin Van Der Sype

KU Leuven, Belgium

Ning Wang

University of Zurich, Switzerland

Karsten Weber

OTH Regensburg, Germany

Harald Zwingelberg

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Germany



Titles & Short Abstracts


Monday, June 12 2017


Nicola Orlandi – New sources for health data, protecting individuals while supporting scientific research and health system

Data Privacy plays a relevant role in supporting new trends in healthcare like digitalization, big data analysis and more in general new interactions with patients and healthy individuals. Protecting individuals and supporting scientific research cannot be alternative concepts where one has to prevail over the other. A clear strategy combining transparency, governance and security with scientific needs and research aspiration is required in order to reach individual and societal expectations while protecting individuals and the general community from data privacy risks.


Marcel Salathé – Digital Epidemiology

Online, mobile, global – the ongoing digital revolution affects all aspects of life. Massive amounts of data are now shared by billions of people around the globe through mobile phones, social media services, and other outlets, on any issue imaginable, including issues of health. These data sources can be mined for epidemiological purposes, giving rise to digital epidemiology. Of equal importance, but less discussed, is the fact that these large data sets (big data) provide the raw material for new machine learning algorithms to train on (e.g. deep learning), resulting in software that in various domains is close to achieving, or already has achieved, human performance. The data required for these algorithms to train pose fundamentally new tradeoffs between privacy, security, and power.


Patrick Dümmler – The trilemma: Patients, Technology, and Financing

Patients are hesitant to embrace the full potential of digitalization. Fears are widespread that personal health data are used against the interest of patients. Additionally questions arise if new, data based technologies can be financed given the current healthcare financing systems.


Mariarosaria Taddeo


Karsten Weber – Ethics on the individual level is insufficient – technology in health care calls for social philosophy

When it comes to ethics with regard to technology it is often assumed that certain actors, for instance engineers, programmers, designers, and the like, are morally obliged to create products and services that respect moral values. Although this is certainly true, it is only half of the truth. Ideas like value-based design of technology and responsible research and innovation actually address the above-mentioned professional actors, but speaking about such ideas, one must assume, at least implicitly, that designing and engineering happen in a social and political environment that supports moral values like justice, fairness, equality, and the like. These moral values are found in the realm of social and political philosophy.


David Krieger – Network Public Governance and Cyber Security in Health Care

The domain of security issues in today’s global network society is no longer territorial, physical, or organizational, and neither is it merely digital. Instead, we must redefine security within a mixed reality that is inseparably real and virtual, which consists of socio-technical ensembles, or actor-networks instead of closed systems. Healthcare security becomes a matter of constructing networks of both human and nonhuman actors in ways that tend to resist arbitrary, unforeseeable, and exclusive attempts to redirect the trajectory or purpose of a network. This could be done by designing governance frameworks based on network norms derived from the affordances of ICTs such as connectivity, flow, communication, participation, transparency, authenticity, and flexibility. Such networks tend to be self-reparable, resilient, innovative, open, and inclusive and therefore offer the best defense against external or internal threats.



Tuesday, June 13 2017


Hannes Molsen – Mind the Gap

Are only vulnerability-free systems secure? What is a vulnerability, and why can’t we get rid of all of them? And if we can’t get rid of them, how can we still achieve a decent level of security to sustain in an interconnected, hostile environment? This talk will show how a comprehensive security development lifecycle helps manufacturers to develop secure products.


Josep Domingo-Ferrer – Personal Big Data in Healthcare: Privacy Challenges

The explosion of big data opens such huge analytical and inferential possibilities that they may allow modeling the world and predicting its evolution with great accuracy. In particular, better healthcare can be provided by accumulating data on the reactions of patients to treatments, telemedicine, comparative studies, etc. The dark side of such abundance of personal data is that it complicates the preservation of individual privacy. Facing the tension between big data and privacy, we find two extreme positions that strive for hegemony: On the one side, the nihilists claim that it is delirious to try to maintain one's privacy in the big data world, and that the best we can hope for is that our data are not misused (if this means anything). On the other hand, the fundamentalists propose privacy protection methods so drastic that their application would destroy nearly all the analytical interest of big data. We will survey these extreme positions and we will describe a midway path, which we believe more balanced and desirable. This path is based on identifying the utility and privacy requirements of big data and trying to satisfy them through an evolution of the statistical disclosure control methods developed in the last 40 years. We will also briefly touch on transparent, local and collaborative anonymization as ways to reduce the power of the data controller in front of individual subjects.


Marc Ruef – (In)security of Medical Devices

Life is precious. And so is health data. The data exchange in the Darknet shows that medical data is traded for good money. An important part of e-health is the security and safety of medical devices. This talk is discussing the security and flaws of some devices and what the industry has to do to improve in the future.


Bernd Carsten Stahl – Responsible Research and Innovation in ICT – A Method for Addressing Cybersecurity Challenges in Healthcare?

Healthcare research and practice rely to an ever-increasing degree on the collection of large amounts of data. This promises better understanding of diseases and their cures as well as a more efficient administration of healthcare. At the same time, it raises the threat of unauthorized access to data with its resulting breaches of privacy and confidentiality. The loss of security and integrity may even jeopardize the health and wellbeing of patients. Cybersecurity is an aspect of the organizational ecosystem that aims to ensure that the benefits of the informatization of healthcare outweigh its disadvantages. The key ethical question in this context, as often in ethics, is that of the balance between different and sometimes competing moral goods. The health and efficiency benefits of novel information and communication technologies have to be weighed against the potential downsides they may create. In this presentation, I will explore two different avenues in this area. The first part of the argument will be an exploration of the way in which security concerns are currently addressed in healthcare settings. This work constitutes an empirical investigation of security policies in the British National Health Service (NHS). By using an approach based on critical social theory, we could show that security policies can contain alternative agendas and have consequences that are not necessarily consistent with the aim of securing data in healthcare. Second, starting from this observation of potential problems of security policies, I will then present work on responsible research and innovation in the European Flagship Human Brain Project that deals with large amounts of different types of data. I will discuss the various RRI activities in the project and focus in particular on the processes of ethics management and data governance. Finally, the conclusion will return to the question of balancing out the goods. 
In particular, I will discuss the potential conflict between security of data and the requirement for open access and sharing of data and findings. I will discuss whether and to which degree the idea of reflexivity and public engagement can help finding an appropriate balance to deal with these competing goods.


Jens Clausen 


David-Olivier Jaquet-Chiffelle – Medical records: how to reconcile statistical needs with privacy requirements

David-Olivier Jaquet-Chiffelle will introduce the solution that he conceived and that is now used by the Swiss Federal Statistical Office (SFSO) for the medical statistics of all patients hospitalized in Switzerland. This system allows the SFSO to link different hospitalizations of the same patient, while protecting the patient’s anonymity. Every Swiss hospital uses this system to transfer its data to the SFSO.


Kherif Ferath – Ethics at the center of Medical Informatics Platform architecture


Andreas Reis – WHO Guidelines on Ethical Issues in Public Health Surveillance.

Surveillance is one of the pillars of public health. Even though surveillance activities raise a host of ethical issues, until recently a comprehensive ethical framework has been missing. By publishing its international guidelines, WHO is filling this gap. The presentation will discuss the main guidelines and their relevance to key topics of the workshop.


Ahmed Walid – Risks and side effects – Privacy and security policies for the Swiss electronic patient record

Only inaccessible data is perfectly secure – but also useless. Having the relevant information available at any time and anywhere is increasingly crucial to provide good healthcare. But how to balance the privacy threats and security risks of sharing medical information vs. the medical risks in not doing so? The federal act on the electronic patient record (EPRA; ger.: EPDG), which came into force in April 2017, provides the legal basis for establishing a shared medical record, accessible for healthcare professionals as well as for patients. Private-law domains need to pass a certification procedure by law in order to interconnect, forming a decentralised architecture. This presentation will talk about the challenges and struggles we faced as policy makers to balance the opposing objectives of a highly complex ecosystem and the trade-offs that had to be made between privacy rights and patient safety, between security, costs and usability as well as between high regulatory density and self-responsibility. Because – “it’s about trust, stupid!”.


Yung Shin Van Der Sype – Counterattacking Social Engineering Attacks in Healthcare

The increasing number of cybersecurity attacks and the potentially enormous impact of cybersecurity vulnerabilities on patient care, urge the healthcare sector to counteract these threats. This talk aims at discussing the dangers of, and approaches to counterattack, social engineering attacks in healthcare contexts.


Wednesday, June 14 2017


Bart Preneel – Security for Medical Implantable Devices

In this talk we discuss the security of the current generation implantable devices. We describe the known vulnerabilities and their impact. Next we consider the constraints that are imposed on secure solutions and which cryptographic techniques could offer acceptable solutions. We conclude by discussing architectural aspects and governance issues.


Martin Denz – Back to the GP’s future – how to unite analogue with digital qualities in primary health

Personal relationship within medical processes is shifting from physical handshake to digital interaction at a distance. In parallel to the diffusion of digital information and communication technologies, population and healthcare professionals complain about the loss of analogue qualities, such as trust and credibility. The collection of digital data is assumed to enhance patient safety and medical quality. Sensors with mobile and wireless devices evolve towards continuous monitoring and become personal biomarkers. By accumulating big data, cyber-security challenges increase. Meanwhile medical processes become fragmented, overview and coordination are lacking. We need integrators, complexity managers and lifelong health coaches, for the mastery of analogue and digital skills, taking responsibility as a knowledge, security and process navigator. Such advanced health professionals are already developing new professional roles and self-understanding, based upon interprofessionality concepts. Integrating analogue and digital qualities brings us back to the values of the “good old GP”.


Reto Inversini – Lightweight approach for the protection of information technology in health care environments

Many current threats against health care institutions are fairly standard, some are more targeted. We are going to show the similarities and differences between attacks against health care institutions and other sectors. In the first part, we analyze some important attack vectors. In a second part, we try to respond to these threats by proposing lightweight yet robust security measures that are adapted to the demanding field of health care environments. Even though there exist many common security best practices, not all of them are suited for the implementation in health care networks. A good example is the traditional AV protection, which is often implemented on systems where the collateral damage is sometimes bigger than the protective effect. We are going to introduce another approach, which strengthens prevention, detection and reaction. We are recommending a robust policy regarding incoming data types and the execution of unknown binaries. With a loose coupling between various network domains, we can build choke points, which monitor traffic anomalies and "circuit breakers” for a quick decoupling in an emergency. In order to still have access to important data in such a situation we propose a shadow copying of important data into the various segments.


Bonnie Kaplan – A socio-technical view of ELSI in Cyberspace

Data protection regulation and practice does not protect health-related data about individuals well, nor does it allow such data to be readily used for research, public health, and other worthy purposes.  Cyberattacks, malware, and poor practices can affect critical infrastructure and crucial services and health care delivery.  They also can affect individuals in multiple ways, ranging from, for example, clinical encounters, to employment, to wearable and mHealth devices, to finances. Related ethical, legal, and social issues (ELSI) cross-cut society and governance, including communication, commerce and trade, intellectual property, and contracts; research; discrimination; law enforcement; and, in the US, free speech.  That these issues are so pervasive illustrates how healthcare cybersecurity involves understanding a complex interplay of technological and socio-cultural considerations. I will present a broader ELSI approach that treats cybersecurity and health data as parts of a wider socio-technical system. We can better understand socio-technical constituents contributing to healthcare cybersecurity and vulnerabilities by integrating knowledge and methods from separate fields of study, by undertaking new studies of cybersecurity practices, and by expanding the idea of cybersecurity to include wider consideration of related ethical, legal, and social issues. This approach is meant as one that can help change regulation, practice, and cultural environments to improve cybersecurity and better protect patient privacy, thereby encouraging promising—and ethical—data use to improve health and healthcare.


Alessandro Blasimme


Harald Zwingelberg – Data Protection and Cybersecurity in healthcare

Cybersecurity in the healthcare area is of extreme importance. Besides ensuring the 24/7-operability of the whole system and other critical infrastructures it is likewise necessary to protect the patient’s data and the basic rights while keeping in mind the demands of medical research and safeguarding the ICT-systems.

Given this tension between interests I am highly looking forward to Bonnie Kaplan’s proposals for a wider socio-technical system incorporating cybersecurity and the protection of health data. On the basis of the needs of the upcoming European Data Protection Regulation (GDPR) I will then present a methodology proposed by the Conference of the Independent Data Protection Authorities of the Bund and the Länder (Germany) for requirement analysis, assessment of processes and data protection impact assessments. The said model extends well acknowledged IT-security goals by data protection goals on the basis of fundamental rights, thus strictly with the affected data subjects in mind. Ethical aspects are covered as far as direct or indirect negative effects are to be expected for the persons affected, e.g. where data processing and profiling may result in discrimination.

The potential conflict between the protection of personal data and providing effective measures for cybersecurity may partly be solved with proper technical and organizational measures – particularly the deployment of privacy enhancing technologies. Besides it has to be ensured that affected persons retain all their rights granted by the GDPR and that transparency about responsibilities and processes is provided.

Example case: We assume that cybersecurity for critical infrastructures needs to address all likely attack vectors. ICT-systems already provide a high level of security but users – be it by lack of knowledge or negligence – are still a frequent cause of risks. A German research project under participation of ULD currently runs a penetration test in the healthcare sector to evaluate the awareness of employees for data protection and security aspects. Tests include e.g. e-mails to potentially insecure websites. Based on the results the staff receives individualized training tailored to the particular specifics of the hospital.


Program Overview


Monday, June 12: Topic „Systems“

Chair: Endre Bangerter, Bern Univ. of Applied Sciences

Tuesday, June 13: Topic „Devices“

Chair: Markus Christen, University of Zurich

Wednesday, June 14: Topic „Information“

Chair: Dominik Herrmann, University of Hamburg


08:30-10:30: Session 3: Devices – Technology

MS: Hannes Molsen, Product Security Manager Dräger Medical, Germany

CS1: Josep Domingo-Ferrer; Universitat Rovira i Virgili, Catalonia

CS2: Marc Ruef, Scip AG, Zürich, Switzerland

08:30-10:30: Session 5: Information – Technology

MS: Bart Preneel, COSIC research group, Katholieke Universiteit Leuven, Belgium

CS1: Martin Denz, President Swiss Association for Telemedicine and eHealth, Switzerland

CS2: Reto Inversini, Swiss Reporting and Analysis Centre for Information Assurance

10:00-10:30: Arrival of participants (coffee)

10:30-11:00: Coffee break

10:30-11:00: Introduction (by organizers)

11:00-13:00: Session 1: Systems – Technology

MS: Nicola Orlandi, Head Data Privacy Pharma, Novartis international

CS1: Marcel Salathé, Digital Epidemiology Lab, EPFL Lausanne, Switzerland

CS2: Patrick Dümmler, Health Tech Cluster Switzerland

11:00-13:00: Session 4: Devices – Ethics

MS: Bernd Carsten Stahl, Centre for Computing and Social Responsibility, De Montfort University, UK

CS1: Jens Clausen, Freiburg University of Education, Germany

CS2: David-Olivier Jaquet-Chiffelle, University of Lausanne

11:00-13:00: Session 6: Information – Ethics

MS: Bonnie Kaplan, Yale Center for Medical Informatics & Yale Interdisciplinary Bioethics Center, USA

CS1: Alessandro Blasimme, Health Ethics and Policy Lab, University of Zurich, Switzerland

CS2: Harald Zwingelberg, Unabhängiges Landeszentrum für Datenschutz, Kiel, Germany

13:00-14:00: Lunch

14:00-16:00: Session 2: Systems – Ethics

MS: Mariarosaria Taddeo, Oxford Internet Institute, UK

CS1: Karsten Weber, Institute of Social Research and Technology Assessment, OTH Regensburg, Germany

CS2: David Krieger, Institute of Communications & Leadership, Lucerne, Switzerland

14:00-16:00: Open Forum

Kherif Ferath, CHUV Lausanne / Human Brain Project

Andreas Reis, World Health Organization, Geneva

Ahmed Walid, Federal Office of Public Health, Bern

Yung Shin Van Der Sype, KU Leuven / DOGANA project, Belgium

14:00-15:30: Group work presentation

15:30-16:00: Round up (by organizers)

16:00-16:30: Coffee break

Participants are expected to depart on Wednesday

16:30-18:00: Group work

16:30-18:00: Group work

18:30-20:00: Dinner

MS: Main Speaker (45’), CS: Co-Speaker (20’ each). Open Forum talks: 20’ each