In the event of an attack on the IT infrastructure in healthcare, for example in a hospital, rapid action is imperative. Log management tools offer effective help here, helping IT managers to track down attackers by consistently logging events on the IT systems.
The current industry-specific security standard for healthcare B3S KH therefore requires the central storage of log data from critical systems. Log files, i.e. small log files that document events in a granular manner, play a central role in the prevention and detection of malware attacks in healthcare, but also in the availability of important systems.
Central storage of log data from critical systems
On the other hand, one speaks of professional log management when log files are tamper-proof, pseudonymised and stored with a clear time stamp. With ProLog® from the manufacturer ProLog AG, IT security expert and value-added distributor ProSoft provides an intelligent solution for secure log management for the healthcare sector. Based on integrated functions, such as the reporting module, the tool enables data protection-compliant audit security in just four steps: from creating the logging concept, adopting the requirements in log management and integrating them into all systems, through documentation and alarming of relevant ones Events, right up to updating the reporting packages in the event of changes in the respective regulations.
The availability, integrity and confidentiality of the IT systems used as well as the authenticity of the information are an unconditional basic requirement for the desired "digitization in healthcare". As part of the improvement of the IT security systems used, however, the healthcare system is dependent on subsidies, as the investments often cause enormous costs. The hospital future fund, for example, includes a funding volume of 4,3 billion euros, more than two thirds of which is borne by the federal government. Eligible projects are technical and organizational measures (TOM) in the field of IT security that serve to prevent, detect or mitigate IT incidents. Prevention also includes professional log management. This offers the advantage that all legal and data protection requirements such as DSGVO, KRITIS, B3S, HIPAA are met. Through predefined reporting and alerting packages, the solution provides instant protection and alerts to warn of anomalies.
Audit security in just a few steps
Audit security is achieved in just four steps thanks to the upstream logging concept in combination with the compliance reports supplied. The focus here is on proving the underlying compliance such as ISO27001, GDPR, KRITIS, B3S, BAIT, Tisax, etc., and the required TOMs (technical and organizational measures) are also met through the use of the solution. If there are changes to the certifications, these are automatically updated by the manufacturer in the reports.
Step 1: Analysis & Logging
Certified ProLog® partners first identify, together with the customer, where sensitive data is stored in the IT infrastructure, how it is protected and which persons or processors can access it. In the ProLog® logging concept, all relevant IT components, applications, databases and people who have access to sensitive or personal data are listed in a table and their criticality is supplemented with regard to the protection goals of authenticity, availability, confidentiality and integrity.
Step 2: Transfer of the documentation to ProLog
The logging results can be transferred 1:1 to ProLog®. After the data has been accepted, the integrated reporting and alerting packages help to create the compliance and audit reports.
Step 3: Audit Security, Compliance Reports and Alerts
The requirements for IT security are increasing as digitization progresses. The GDPR applies to all companies and authorities that process and store personal data. In addition, the new version of the Federal Data Protection Act (BDSG) must be observed. With the integrated and ready-to-use out-of-the-box reporting and alarm packages, ProLog® supports proof of compliance with the applicable compliance requirements. By storing the log files securely, reports can also be created retrospectively, IT anomalies can be detected and cyber attacks can be forensically analyzed.
Step 4: Updates in the event of changes to the regulations
The report packages integrated in ProLog® are often valid across industries and can be used immediately. For hospitals, for example, there are reports that take into account the regulations that apply there. Changes in the regulations are adopted by the manufacturer in the report packages and alarms. The current report packages are available to customers free of charge.
More at ProSoft.de
About ProSoft ProSoft was founded in 1989 as a provider of complex software solutions in the large computer environment. Since 1994 the company has focused on network management and IT security solutions for modern, heterogeneous Microsoft Windows infrastructures, including Mac OS, Linux as well as mobile environments and end devices. The experts manage efficient software and hardware for corporations and medium-sized companies and have established themselves as specialists for IT security. In addition, as a value-added distributor (VAD), ProSoft supports manufacturers with the “go-to-market” and the launch of new solutions in the German-speaking part of Europe.