Hacker attacks on hospitals – some of which disrupting the entire running of the hospital for days on end – have demonstrated that IT security in the healthcare sector is in urgent need of improvement.
IT security in hospitals is not always great, as evidenced in Kleve and Kalkar and elsewhere in 2016, for example. Most recently, an e-mail attachment opened at Lukas Hospital in Neuss infected the hospital’s internal network with a virus. The hospital had to shut down its entire system and reschedule operations. According to a survey conducted by Rochus Mummert, 82% of hospitals have consequently reviewed their IT security . New evidence has shown that it’s not just patient data and administrative departments that are vulnerable in a large number of hospitals: White hats from the Internetwache.org project found that were able to log into the entire building services of Klinik Gut hospital in Fläsch, Switzerland . The hackers tracked the security gap to warn the hospital.
The incidents back in 2016 were clear confirmation that the new German IT Security Act had been justifiable in significantly tightening the legal requirements governing critical infrastructures. The concrete requirements hospitals must meet are now to be set out in an ordinance for the implementation of the IT Security Act in the healthcare sector , currently in the course of preparation.