The increasing frequency of cyberattacks in our time makes it abundantly clear: cyber threats are an ever-present danger with potentially severe consequences. Now is the perfect time to take your protection to the next level.
A look at the current situation.
Cybersecurity in hospitals.
Critical infrastructure – critical problems.
Many hospitals are now classified as critical infrastructure (KRITIS). This means their IT security is not only of vital importance to hospital operations – public health and safety also come under threat in the event of a cyberattack.
Unfortunately, increasing digitalisation also provides a larger attack surface for cybercriminals. All the more reason why the wide-ranging challenges in this area must be addressed as soon as possible.
3 major challenges.
Sensitive data.
Challenge 1:
A digitalised hospital sector brings one thing above all else – a vast amount of sensitive data, such as patient data falling under the EU General Data Protection Regulation (GDPR) and the German Patient Data Protection Act – making it a prime target for hackers. For this reason, cyberattacks are expected to become ever more frequent and complex. Reports suggest that their number has already more than tripled in recent years.
Outdated IT infrastructure.
Challenge 2:
Many hospitals still rely on medical technology and IT systems that are far removed from the current state of the art. This not only makes updating systems more difficult, as certification requirements cannot be met – the older the infrastructure, the greater the security vulnerabilities. Missed modernisation effectively opens the door to cyberattacks.
Shortage of skilled professionals.
Challenge 3:
A large number of qualified IT security professionals would be needed to meet the demands of our time. Unfortunately, the shortage of skilled professionals stands in the way. As a result, requirements can often only be implemented at a sluggish pace – leaving cybercriminals rubbing their hands.
3 ways to greater security.
Security in communication, data storage, and exchange.
Approach 1:
Efficient cybersecurity management not only improves the protection of patient data – it also ensures secure data exchange between hospitals, physicians, and external parties. This allows a number of security vulnerabilities to be addressed. Through technical cybersecurity solutions such as attack detection systems and vulnerability scanners, the level of cyber resilience can be continuously improved.
ISMS for greater resilience.
Approach 2:
Cyberattacks cannot be prevented – but resilience against them can be strengthened. An Information Security Management System (ISMS) compliant with standards such as ISO/IEC 27001 can help achieve this. The ISMS ensures that responsibilities are clearly assigned and security processes are managed efficiently.
Government funding.
Approach 3:
Thanks to the Hospital Future Act (KHZG), every hospital can secure government funding for the modernisation of its IT infrastructure and security measures. This means that even financially less well-resourced institutions can contribute to greater security.
The current legal landscape.
More regulation for greater security.
Sensitive data that is processed and exchanged in hospital IT systems requires special protection. In addition, hospitals today also bear social responsibility as critical infrastructure from a legal standpoint. Various laws have now been enacted to increase security. Here is a brief overview.
Patient Data Protection Act (PDSG).
This act, already enacted in 2020, requires all hospitals in Germany to implement appropriate IT security measures, with the aim of better protecting patient data. The act is closely aligned with the sector-specific security standard (B3S) of the German Hospital Federation. This standard obligates hospitals, on the one hand, to introduce an Information Security Management System (ISMS) and, on the other, to regularly review and update security measures.
KRITIS Regulation (KRITIS 2.0).
A hospital with 30,000 or more fully inpatient cases per year is classified as critical infrastructure and must comply with even stricter regulations. These include the implementation of attack detection systems such as Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) systems. In addition, security incidents must be reported to the Federal Office for Information Security (BSI). These rules are intended to ensure that cyberattacks cannot incapacitate hospitals that form part of the critical infrastructure.
Hospital Future Act (KHZG).
The KHZG provides for government funding to be made available to hospitals for digitalisation, including IT security measures. A prerequisite is that the hospital in question submits a legally compliant IT security concept, which must include, for example, measures for securing networks and defending against cyberattacks.
Get in touch now and secure your benefits!
We look forward to getting to know you.
Selected clients and partners.
Tailored solutions for complex challenges.
Every project brings unique challenges. Since 2001, we have met each one with individually tailored solutions. Thanks to this combination of experience and expertise, our clients can always rely on x-tention. We are grateful for the trust placed in us – and present here some of our successful projects.
Universitätsmedizin Baden-Württemberg relies on x-tention for its cybersecurity
x-tention wins major SOC/SIEM tender from Klinikum Dortmund
Related Products.
A comprehensive portfolio for healthcare
As a provider of full-service solutions, we address all our clients' eHealth needs. Explore the diversity of the x-tention solution portfolio!
Our focus topics may also interest you.
Innovative solutions for your current challenges
As an innovative company, the group stays at the forefront of industry developments. Here we discuss current industry topics – and the solutions we bring to address them.