Health IT Security Body (OSIS)

The Health IT Security Body (Organe de sécurité informatique en santé - OSIS) was created by the Ministry of Health as part of the national cybersecurity strategy. It is tasked with facilitating the exchange of information on cybersecurity among the various stakeholder organisations.

OSIS's membership is composed of representatives from the Ministry of Health, and a representative from the government agency INCERT.

OSIS's remit

1. Draw up general guidelines on the implementation of cybersecurity in hospitals, and in 'transversal' organisations – such as LUXITH or eSanté – with the aim of harmonising:
   • IT security practices; and
   • IT security project management.
2. Draw up specific guidelines on the implementation of cybersecurity in hospitals, and in 'transversal' organisations, with the aim of harmonising the introduction, management, support and maintenance of Security and Information Event Management (SIEM) components, and of a sector-specific Security Operations Centre (SOC).

Cybersecurity Steering Committee

The Cybersecurity Steering Committee was set up by the Ministry of Health to support OSIS in fulfilling its remit. Its membership is composed of representatives from the Ministry of Health, the National Health Fund (Caisse nationale de santé - CNS), eSanté, the Federation of Luxembourg Hospitals (Fédération des hôpitaux luxembourgeois - FHL), and LUXITH. Depending on the issues being addressed by OSIS, the latter may extend the committee's scope of action on an ad hoc or permanent basis.

Role of the Cybersecurity Steering Committee

1. Propose cybersecurity guidelines to OSIS.
2. Support stakeholder organisations in implementing the guidelines issued by OSIS, with the aim of:
   • harmonising best practices;
   • pooling resources; and
   • ensuring that all stakeholders have access to the same information.