Posts

IT Security in Hospitals

How secure is IT in our hospitals?

Digitisation poses IT security challenges for hospitals

Cloud computing, networked communication, virtual teamwork: digitisation offers hospitals and other healthcare facilities enormous potential for optimisation. The effects on the profitability of medical facilities and on patient care are sustainably positive, were it not for IT security. How well protected are healthcare networks? Can sensitive data be lost during transmission or in the course of collaboration? Or even worse, be intercepted? Can IT security in hospitals keep pace with digitisation?

Protection of sensitive patient information is required

If one thinks about the most sensitive data in a society, patient information certainly belongs to it. The need for protection is therefore particularly high. The legislator has meanwhile recognised this and created a clear legal situation. This, at the latest, turns IT security in the healthcare sector into a playing field for liability risks and claims for damages. This is why IT security is a top priority in hospitals. Several hospitals have already painfully discovered that absolute security can hardly be achieved. In particular, the attack with the ransomware “WannaCry” in 2017 had an enormous impact on hospital IT worldwide. Examinations had to be postponed, operations had to be cancelled and the financial damage was immense.

The electronic patient file, telemedicine and cross-sector information logistics make it extremely demanding to manage data securely. But IT security is no longer just a technical issue. It also concerns the awareness of employees, intensified data protection and the growing requirements of the legislator. Examples are the Medical Devices Ordinance (MDR) and the audits according to § 8a of the BSI Act.

SRC expert Dr. Deniz Ulucay talks to the KU Gesundheitsmanagement Magazine

In an interview with Birgit Sander, editor of KU Gesundheitsmanagement Magazine, Dr. Deniz Ulucay, SRC expert for IT security in healthcare, gives detailed insights into potential threat scenarios and adequate defense strategies. The title of the article asks: “How secure is IT in our hospitals?” It can be downloaded here (German).

BarCamp “Information Security Management in Credit Institutions”, 19 September 2019

In cooperation with SRC Security Research & Consulting GmbH, Bank-Verlag GmbH hosts a BarCamp on the subject of “Information Security Management in Credit Institutions”. The event will take place on 19 September 2019 at the premises of Bank-Verlag in Cologne.

With the “Banking Supervisory Requirements for IT” (BAIT), the Federal Financial Supervisory Authority (BaFin) has also defined the new function of the Information Security Officer. He or she controls the information security process and reports directly to management. What this theory looks like in practice will be examined in more detail on 19 September at the BarCamp “Information Security Management in Credit Institutions”.

The BarCamp Principle

A BarCamp is an open conference with practical workshops. The workshops serve the exchange and discussion among the participants. At the beginning, the participants themselves develop the contents and the agenda, which they then develop further. There are no predefined speakers or procedures in a BarCamp. Instead, this principle relies on the (moderated) exchange of experience.

BarCamp “Information Security Management in Credit Institutions”

The BarCamp “Information Security Management in Credit Institutions” gives Information Security Officers as well as all those responsible for information and IT security management at credit institutions the opportunity to exchange information on topics such as BAIT audits, service provider management or risk management. In addition, contacts can be established and expertise expanded. The coffee breaks can be used for individual discussions. At the end of the event, a “get-together” provides an in-depth exchange among the participants.

The SRC Speakers

Four experts from different areas of SRC will share their knowledge and expertise with the participants.

Sandro Amendola, deputy head of the evaluation body at SRC, is responsible for the topic “IT compliance in the banking industry”. In addition, he develops security concepts and security requirements for payment transaction procedures on behalf of the German banking industry, among others.

Jochen Schumacher is responsible for communications at SRC. He concentrates on product management, the technical and editorial support of the website as well as the planning, implementation and moderation of events.

Florian Schumann is Head of IT at SRC. In addition, he is an information security consultant and qualified auditor according to § 8a BSIG for critical infrastructures.

Dr. Deniz Ulucay works at SRC as a consultant for information security. His focus is on the development of ISMSs, in particular for operators of critical infrastructures. He is also responsible for the development and implementation of security concepts.

Registration & Schedule

Further information about the registration and the course of the BarCamp on the topic “Information Security Management in Credit Institutions” can be found in this flyer (GER) and on the website of Bank-Verlag. Here you can register directly online for the event and bring in the topics that are important and interesting to you, and thus help to determine the course and outcome of the BarCamp “Information Security Management in Credit Institutions”.

For further questions Mrs. van Kessel is at your disposal (Tel. 0221/5490–161, andrea.vankessel(at)bank-verlag.de).