The Health Situation Report 2022 from the BSI shows: The security situation in the network of the telematics infrastructure (TI) is very secure thanks to strict specifications. But what about IT security in medical practices? The BSI starts new research projects.
The strict controls and specifications of the telematics infrastructure have ensured that the number of security incidents in this area is very low. The Health Situation Report 2022 from the BSI shows the structure and specifications of the telematics infrastructure. The security situation in the connected networks, such as that of the doctor's office, has hardly been recorded, although it is essential for the processing of sensitive health data and patient safety.
BSI: Security project check for medical practices
🔎 Cyber security in healthcare 2022 (Image: BSI).
For this reason, the Federal Office for Information Security - BSI for short - started three new projects to take a closer look at the current IT security in medical practices.
Project 1: CyberPraxMed
The aim of the CyberPraxMed project is to use a survey to record the network structure and the equipment in typical medical practices and to assess the security risks. In particular, a statistic should answer the question of how often the connector is in parallel operation with a private, conventional router and is therefore unable to fully develop its protective effect.
In addition, the technical expertise in the area of IT security of the staff, the doctors and any IT service provider commissioned should be determined. In addition, correlations of IT security with the size of the practice, the type of practice and the geographical location are to be examined.
Project 2: SiPra
In addition to the survey of security in medical practices, the SiPra project is dedicated to the IT security of practice management systems (PVS). The aim of this project is to provide an assessment of the safe operation of various market-relevant PVS. This should be written in the form of an up-to-date overview of the German market situation, including the current IT security precautions from PVS and configuration recommendations for service providers.
The two projects are supplemented by a survey started in 2023 as part of the SiRiPrax project. This project is based on the BSI’s special statutory task of regularly assessing and adapting the IT security guideline in accordance with Section 75b SGB V, which was drawn up in 2020 together with the National Association of Statutory Health Insurance Physicians and the National Association of Statutory Health Insurance Dentists (KBV, KZBV). The aim is to sustainably strengthen IT security for resident doctors, dentists and psychotherapists.
Project 3: Online survey
With the help of an online survey in medical practices, the implementation of the requirements from the IT security guideline according to § 75b SGB V and the possible implementation difficulties are surveyed. At the same time, basic parameters for the IT security of the participating practices are analyzed. The results serve to further develop the guideline and to formulate concrete recommendations for action for service providers.
The results from these three projects enable the BSI to improve IT security in medical practices in a targeted manner through appropriate recommendations and specifications and thus make an essential contribution to the digitization of the healthcare system.
More at BSI.Bund.de
About the Federal Office for Information Security (BSI) The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.