Högskolan i Skövde

This thesis aims to analyse the influence of certification standards and government regulation on the security of Internet of Things (IoT) technologies in the health sector. The data for this study was collected through a systematic literature review (SLR) and expert interviews. The study attempts to highlight the challenges that arise from fragmentation in standards, inconsistent certifications, and jurisdictional variations. It unveiled that IoT devices prioritise functionality over security and lack security-by-design principles. Some standards exist, such as International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST), and the European Telecommunications Standards Institute (ETSI). However, their overlapping guidelines and generalisations about IoT currently make implementation in small municipalities and organisations an expensive and highly impractical undertaking. In addition, the study highlights that existing laws and regulations, such as General Data Protection Regulation (GDPR) and the Medical Device Regulation (MDR), or other European Union (EU) initiatives, are far too broad and too slow to respond to changing threats. The findings indicate a need for regulatory collaboration, scalable certification schemes, and better support for smaller municipalities.