BSI: IT security check of medical practices


The BSI's Health Situation Report 2022 shows that the network of the telematics infrastructure (TI) is very secure thanks to strict specifications. But what about IT security in medical practices? The BSI is starting new research projects.

The strict controls and specifications of the telematics infrastructure have ensured that the number of security incidents in this area is very low. The Health Situation Report 2022 from the BSI describes the structure and specifications of the telematics infrastructure. By contrast, the security situation in the connected networks, such as those in doctors' offices, has hardly been recorded, although it is essential for the processing of sensitive health data and for patient safety.

BSI: Security project check for medical practices

Cyber security in healthcare 2022 (Image: BSI).

For this reason, the Federal Office for Information Security - BSI for short - started three new projects to take a closer look at the current IT security in medical practices.

Project 1: CyberPraxMed

The aim of the CyberPraxMed project is to use a survey to record the network structure and the equipment in typical medical practices and to assess the security risks. In particular, the statistics should show how often the connector is operated in parallel with a private, conventional router and therefore cannot provide its full protective effect.

The project also aims to determine the technical IT security expertise of the staff, the doctors and any IT service provider commissioned. In addition, correlations between IT security and the size of the practice, the type of practice and the geographical location are to be examined.

Project 2: SiPra

In addition to the survey of security in medical practices, the SiPra project is dedicated to the IT security of practice management systems (PVS). The aim of this project is to assess the safe operation of various market-relevant PVS. The result is to be an up-to-date overview of the German market situation, including the current IT security precautions of the PVS and configuration recommendations for service providers.

The two projects are supplemented by a survey started in 2023 as part of the SiRiPrax project. This project is based on the BSI’s special statutory task of regularly assessing and adapting the IT security guideline in accordance with Section 75b SGB V, which was drawn up in 2020 together with the National Association of Statutory Health Insurance Physicians and the National Association of Statutory Health Insurance Dentists (KBV, KZBV). The aim is to sustainably strengthen IT security for resident doctors, dentists and psychotherapists.

Project 3: Online survey

With the help of an online survey in medical practices, the implementation of the requirements from the IT security guideline according to § 75b SGB V and the possible implementation difficulties are surveyed. At the same time, basic parameters for the IT security of the participating practices are analyzed. The results serve to further develop the guideline and to formulate concrete recommendations for action for service providers.

The results from these three projects enable the BSI to improve IT security in medical practices in a targeted manner through appropriate recommendations and specifications and thus make an essential contribution to the digitization of the healthcare system.

More at BSI.Bund.de

 


About the Federal Office for Information Security (BSI)

The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.


 
