IT Security in Hospitals - IT-Security in Hospitals — IT Security in Hospitals
Contact

Rethinking IT Security in Healthcare

Digitalization and connectivity open up great opportunities, but also pose significant risks to cybersecurity in hospitals. The number of malicious programs has been rising rapidly for years. All too often, professional cybercriminals encounter inadequately protected networks and careless users. The cases range from data theft to blackmail, sabotage and attempts to manipulate systems and devices. In order to ensure IT security in hospitals, a rethink is necessary on many levels. Effective protection against cybercriminals can only be achieved if everyone works together: system managers, software manufacturers, medical device manufacturers, users and data protection officers.

Security for medical devices - a shared responsibility

Our approach to medical device cybersecurity in hospitals

As medicine evolves, so do the information systems and technologies that contain patient data and support patient care. In our position paper on cybersecurity, we describe our systematic approach to product security and explain the measures implemented in our devices.

Download (PDF)

"Only one in five hospitals has an adequate data backup system."

Source: Krankenhaus Technik & Management, 3/2017, S. 26

IT security in hospitals

The digitalization of healthcare is progressing rapidly. Medical devices and systems are already increasingly being connected to networks. They should interact with each other and enable new clinical applications. These include decision support technologies, remote control functions and automated processes.

However, the basic prerequisite for this is a secure network environment. Cybersecurity in hospitals is necessary to ensure functionality and data protection. Hospitals are making massive efforts to secure their networks. As a manufacturer, we want to contribute to IT security in hospitals by offering products that are resistant to cyber-attacks and that can be securely integrated into the existing hospital network.

Get ahead of the attackers!

Fast exchange of information, automated processes, efficient processes: Modern hospital operations are inconceivable without networked information technology. The other side of the coin: Your hospital can also be targeted by cybercriminals at any time.

Hospitals have already fallen victim to cybercrime several times. The most common are ransomware blackmail attempts, in which important hospital data is encrypted and a high ransom in Bitcoins is demanded for the release of the decryption key. Simulated attacks have also shown that medical devices are often inadequately protected against manipulation. In addition to the danger to life and limb of patients, there is a risk of operational failures, financial losses, the loss of sensitive data and, last but not least, the loss of patient trust.

Take action before it's too late! Our cyber security experts will help you effectively protect your hospital against cyberattacks. Protective measures are also legally required for hospitals as operators of critical infrastructures in the field of healthcare: According to § 8a (in conjunction with § 2 para. 10 no. 1) of the Act on the Federal Office for Information Security (BSI Act*), operators of critical infrastructures are obliged to take appropriate organizational and technical precautions to protect their information technology. In the event of violations of data protection regulations, significantly higher fines of up to 2018 million euros or up to 20% of a company's total worldwide turnover of the previous year may be threatened in the future (with the entry into force of the EU General Data Protection Regulation in May 4) (Art. 83 EU GDPR).

BSI-Gesetz

Cybersecurity issues dominate ECRI's list of technological hazards in 2022

As cyberattacks on healthcare facilities continue to increase, measures to secure the hospital network are becoming increasingly important to ensure patient care and avert financial damage. The U.S. ECRI Institute's report on the top 10 health technology threats in 2022 looks at security risks to patients and patient data resulting from the rapid adoption of telemedicine, vulnerabilities in third-party software components, and remote operation of medical devices.

Download the report from the ECRI website

IT Sicherheit im Krankenhaus - Verschlüsselung von Patientendaten

Current threats

We provide you with security advisories on current threats on our Coordinated Disclosure Statement page.

Learn more

Infographic: Cyberattacks in General and in Healthcare

Scroll through below to see the global economic impacts of cyberattacks in general and in healthcare.

Global Malware Infection Rates in General

Costs of Cyberattacks Worldwide in General

Economic Impact of Global Cybercrime in Healthcare

Types of Cyberattacks in Healthcare

How Is Economic Damage Caused by Cyberattacks in Hospitals?

Cyberattacks in Healthcare: Examples of Global Occurences

Some of the Most Prominent Cyberattacks on US Healthcare Institutions

"We help you identify dangers – and do so safely. This gives you the opportunity to react accordingly."

Stefan Dräger

Our contribution to IT security in hospitals

IT-Sicherheit im Krankenhaus - Daten sicher versenden

Risk management in hospitals

For all questions regarding cyber security in your hospital, we are at your side as a competent and responsible partner. With our risk management, we help you to reliably meet your responsibility as well as the legal requirements.

Personal contacts for cyber security in hospitals
Structured risk management in five steps
Support of the smooth, computer-supported hospital routine
Patient and data security with connected medical devices
Compliance with the legal requirements according to §137 (guidelines and decisions on quality assurance), SGB 5
Support in the implementation of B3S in your hospital

Cybersecurity - IT Sicherheit im Gesundheitswesen

Providing secure solutions

Thanks to the comprehensive consideration of cyber security at every stage of the development lifecycle, our products meet the highest standards. The best proof: Dräger was the first provider of patient monitors to receive DIACAP accreditation from the US Department of Defense, and the Wi-Fi module of the Infinity M300 also received FIPS accreditation from the US federal government.

Evaluation of the privacy and data security of our solutions
Comprehensive threat and security analysis
Penetration tests by independent experts (white hats)
Safety training for all employees involved in the development lifecycle
Dedicated cyber security team that coordinates our engagement globally

Hospital staff doing documentation in an intensive care unit

Notification Office for Product Safety

There is no such thing as one hundred percent security when using IT in healthcare. But through a sense of responsibility and dialogue, the risks are decisively minimized. That is why we have set up a central reporting office for product safety, where researchers and users of medical devices can report their observations to us.

Supporting coordinated and responsible vulnerability disclosure
Prompt review of incoming reports by our security experts
Warnings and warnings about threat situations
Fastest possible correction of existing or potential vulnerabilities

Sicher denken. Sicher handeln. Sicher wachsen.

Think safely. Trade safely. Grow safely.

Dräger stands for the integrity and reliability of our products and services. We process personal data in accordance with applicable law and protect data and information, taking into account their criticality. We achieve the goal of our uniform data protection management and information security level by:

Implementation of a Group-wide harmonized level of data protection and information security processes
Implementation of defined responsibilities and information security organization based on processes
Identification and documentation of the appropriate level of protection of information
List of all activities in which personal data is processed in accordance with Article 30 GDPR
Specific communication and training concept for all employees
GAP analysis with regard to necessary data protection compliance and information security measures with regard to the documented level of protection
Establishment of monitoring and reporting standards to control the level of data protection and information security
Monitor the successful implementation of identified and approved privacy and information security mechanisms and tools

Do you have questions about cyber security?

Our security experts will be happy to advise you. Please fill out the contact form. We will get back to you.

Contact

Useful information

Our position paper on hospital cybersecurity

In our position paper on cybersecurity, we describe our systematic approach to product security and explain the measures implemented in our devices.

Download (PDF)

How Dräger helps make your hospital safe

How Dräger will help keep your hospital safe

At Dräger, we are constantly striving to implement best practices in the field of cybersecurity. Learn more about how we've made comprehensive cybersecurity considerations at every stage of the product development cycle.

Download (PDF)

Engagement für die Sicherheit von Informationen im Gesundheitswesen

Committed to keeping healthcare information secure

At Dräger, we know that maintaining a secure network is a team effort. Learn more about our commitment to improving cybersecurity in healthcare.

Download (PDF)

How to ensure secure connectivity

Learn how we help minimize vulnerabilities and potential points of attack for hackers. Learn more about how we will create a secure flow of data between medical devices in the future.

Download (PDF)

Clinical Network and Data Management Systems

We offer you comprehensive solutions to increase the cyber security of your hospital: from patient data management systems (PDMS) and secure data interfaces to consulting and service. Trust in our more than 20 years of experience in the development and application of networked medical technology.