IT Security in Hospitals - Mastering Challenges | Try Free Antivirus

Cyber ​​criminals target not only the private sector but also critical infrastructure organizations such as hospitals. When it comes to IT security in hospitals, it is important to react specifically to specific challenges. It is not for nothing that the Federal Office for Information Security (BSI) warned in its management report on IT security against a lack of caution and possible consequences. Try our free antivirus to combat cybercrime.

Prominent Cases

Just recently, the BSI's management report clearly demonstrated that hospitals are interesting targets for attackers because of their social relevance and specific work processes. No area of ​​the critical infrastructure has sent more reports to the BSI than the health sector (they are legally obliged to do so in the event of IT disruptions). Among the top reasons for reporting: technical failure of the systems and cyberattacks that were tailored to the employees.

1.   Ransomware Suspends Emergency Operations

The ransomware attack on the University Hospital in Düsseldorf will be known in September 2020. The aim of such an attack is always to extort a ransom for the release of the systems. The blackmail Trojan that was smuggled into the Düsseldorf University Hospital encrypts 30 servers and not only paralyzes the IT systems but also the emergency operations for 13 days. Although encryption is removed quickly, it takes just under two weeks for all systems to be restored and secured. Particularly dramatic: This lengthy process means that urgently needed emergency care cannot be offered. The trip to a hospital in Wuppertal that is much further away costs a woman her life.

2.   WannaCry Cripples Medical Devices Around the World

Cyber ​​attacks on a hospital are so problematic not only because of the risk of data loss or misuse. The safety of patients can be specifically threatened. In 2017, the well-known ransomware WannaCry paralyzed dozens of clinics and other healthcare facilities. Patients are referred to the emergency room, the treatment of cancer and heart patients has to be suspended due to a lack of digital data. The Internet of Things is becoming more and more normal in hospitals as well: Many medical devices are connected to and with each other via the Internet. In such cases, the life of the person to be treated is specifically at stake, when cybercriminals gain access and control the entire network.

These Challenges Have to Be Mastered

1. Sensitive Health Information

The hospital has very sensitive health data. Patient files and the like are recorded, processed, and passed on within the hospital information system (HIS). Under no circumstances should these fall into the wrong hands. However, ensuring data protection is becoming increasingly complex due to the digitization of the healthcare system, e.g. in the form of electronic patient files. All employees who use the hospital information system must be made aware of attack scenarios and trained.

2. Internet of Things (IoT)

Digitization in hospitals does not end with electronic patient files. Many medical devices for monitoring and examination are now connected to the Internet and also to one another via the network. They often run on different operating systems and thus have specific security settings. Securing these complex, networked systems against enemy intrusion is an ongoing process that takes a lot of time and money.

3. Little Time and Capacity

Working in a hospital involves time-sensitive issues and assignments. At all levels of the hierarchy, from the chief physician to the administrative staff, there is just a calculated amount of time available for the individual concerns of the patients. The high level of exposure and stress fueled even further by COVID 19, require less prudent handling of IT systems. Urgent employee training courses that are precisely tailored to this need are often not yet on the agenda.

4. Outdated IT Infrastructure

To guarantee the security of IT, both employees and the infrastructure must be resilient. Many of the systems run around the clock, making changes and updates more difficult. Accordingly, backups are also rarely created. This can result in security gaps and in the event of a security incident it takes a long time to restore the systems. Finally, there is also a lack of money to replace outdated software with a more secure version. In many hospitals, the rule of thumb is "don't change anything while it's still running."

Also, do not forget to try our free antivirus.