IT Security in Hospitals | Overview and Outlook

According to the BSI report on the State of IT Security in Germany 2019, the KRITIS sector Health ranks third in purely quantitative terms, with 47 IT security incidents reported in the reporting period from June 1, 2018 to May 31, 2019. Most reported security incidents originate from the finance sector (60 cases), followed by IT and telecommunications (59 cases).

In the overall ranking of the Bertelsmann Stiftung's Digital Health Index, digitization in the German healthcare sector is comparatively far behind, placed in Group 4 of 4 and in 16th place out of 17. One reason for this may certainly be the stricter data protection regulations in this country, but there is also no uniform nationwide standard in Germany for certified IT security solutions and medical devices; instead, there are many competing ones.

Nevertheless, we will have to deal with a large number of networked medical devices in the future. Respirators, defibrillators and pacemakers are already "smart" and able to collect and "communicate" data, i.e. to exchange it with other systems. This is traditionally done via interfaces, and each of these interfaces requires IT security. The number of such interfaces in the health sector is constantly increasing.

Companies in the healthcare industry that have reached or are close to reaching the KRITIS threshold are recommended to implement the industry-specific security standards, also known as B3S. Under the IT Security Act, companies that are classified as critical infrastructure (KRITIS) are obliged to provide special protection. The German Hospital Federation (DKG) has presented the B3S for this purpose; it applies to hospitals with a full inpatient case number of 30,000 or more per year. Its aim is to guarantee medical patient care, of which IT is a fundamental part.

Important precautions that hospitals should take in the area of IT security, regardless of bed count and inpatient case numbers:

Network security

Firewalls in permanent use, securing wireless networks, encryption of external communication, network access controls, port management

Endpoint Security

Programs for detecting viruses and malware should be part of the basic equipment. In addition: measures for identifying unauthorized removable media, and hard disk encryption

Protection of mobile devices

Securing WLAN connections, professional device, user and password management

Web security

Secure surfing, separation of intranet and internet, protection against harmful mail attachments, checking of potentially harmful attachments from office applications

Data security

Encryption and decentralized backup of databases

Protection of data and systems

Smartcards, two-factor authentication

General IT security recommendations for hospitals:

  • Separation of medical and non-medical networks
  • Increase interface security, especially around the HIS (hospital information system)
  • Separation of applications from the rest of the system
  • Secure connections to HIS and other systems
  • Secure, encrypted telematics infrastructure (secure electronic signatures, authentication, networking of various players) for the secure transmission of patient data between hospitals and registered doctors and therapists.

Outlook

  • Networking - Hospitals connect with the other sectors via the telematics infrastructure, enabling secure communication across sector boundaries
  • NFDM (emergency data management) and eMP (electronic medication plan) - Medical applications of the telematics infrastructure are arriving in hospitals
  • Emergency data (for emergencies and unknown patients) and the electronic medication plan
  • ePA (electronic patient file) - Health insurance companies are obliged to offer their insured persons an electronic patient file from 1.1.2021 onwards. Insured persons in turn grant service providers access to their data, including hospital data
  • DiGA (Digital Health Applications) - Could be "prescribed" to patients

Legend

Critical infrastructure (KRITIS) thresholds for the Health sector

  • 30,000 patients per year in the area of inpatient medical care
  • 90.68 million Euro annual turnover for production facilities of directly life-sustaining medical devices
  • 4.65 million packages per year for production facilities for prescription drugs and blood and plasma concentrates for use in or on the human body
  • 34,000 products per year for equipment and systems for the collection and processing of blood donations
  • 1.5 million transmitted orders/findings per year in laboratory diagnostics
