Many German hospitals are not yet sufficiently protecting their IT systems against cyberattacks. What they need is a holistic cyber defense approach that covers the entire security lifecycle.

Here is a nightmare for every patient: The cardiologist must interrupt endoscopic surgery of the heart because data from the small camera inside the artery is no longer being transmitted to the central server and onto the screen in the operating theater. Hackers have infiltrated the IT system with malware and paralyzed it. Sounds like an unimaginable scenario? Not at all.

As recently as February this year, several German hospitals made headlines because of hacker attacks, including the Lukas Hospital in Neuss and clinics in Winterberg, Wesel and Arnsberg. Since we have to expect an increase in cyberattacks, hospitals should review and modernize their IT security strategies.

The aim must be a holistic cyber defense strategy

As with any business, hospitals cannot be guaranteed 100% security. Hospitals should identify their existing weaknesses and establish a cyber defense strategy that continuously increases their level of maturity. What is important is a holistic approach. This includes control and protection of endpoints, proactive defense and early detection of threats, an incident response plan for emergencies, and increased staff awareness of potential risks.

The first step in implementing a holistic cyber defense strategy is a risk assessment (Risk Insight). Each hospital has an individual risk profile, which can be determined by classifying sensitive data and processes and assessing the risks to them. To discover vulnerabilities open to potential attacks, clinics should also carry out targeted penetration and vulnerability tests in addition to classic security assessments such as the Risk Insight Analysis of NTT Security.

Look out for part two of my blog post on how to prevent data leakage in healthcare.