- Hospitals increasingly subject to IT attacks
- End-to-end IT security concepts to minimize liability and security risks
The reasons for the enormous vulnerability of IT infrastructures in hospitals are as diverse as they are precarious. The blame falls on insufficient hardware capacities, obsolete operating systems and processes, staff shortfalls and budget limitations. Many clinics have submitted concrete applications for investment support from state governments, but in the meantime the onus is on hospital operators to take measures to systematically prevent unauthorized access to their IT networks.
Maintaining IT Security Standards in Hospitals
Simple organizational measures such as a comprehensive security assessment are a first key step in effectively minimizing liability and security risks. “Here the foremost objective is to define potential vulnerabilities, to identify concrete security risks associated with them, and to determine protection needs on the ground”, says Martin Schlüter, Head of the e-Health Segment at exceet Secure Solutions AG, in outlining the proven approach.
Industry-specific requirements are provided by the DIN EN 80001-1 group of standards, analogous to ISO 27001:2013 and the Basic IT Protection Principles developed by the Federal Agency for Information and Security Technology (BSI). Risk management based on these standards has been a reliable tool for providers of medical IT networks for years, and specialists from exceet have successfully applied it in a wide range of healthcare projects.
Benefits for Hospital Operators and Compliance Officers
exceet provides support in preparing an individual risk management strategy, but also in realizing such a scheme from a technical point of view. This includes the introduction of network access controls, the installation of firewalls and the establishment of an endpoint security instance, and also extends to the selection of appropriate security hardware and software components. Compliance officers and hospital operators thus benefit from an end-to-end solution portfolio that safeguards the security of patient files and the effectiveness of medical data within hospital workflows, and protects data and systems security from attack while maintaining due diligence obligations in crisis situations.
For further information on DIN EN 80001 and ISO 27001, please refer to our White Papers at: http://www.exceet-secure-solutions.de/en/company/downloads/