Our Senior Cyber Security Consultant Dr. Andreas Knüttel.
Who is Prof. Dr. Andreas Knüttel, Senior Cyber Security Consultant at QUANTUM cyber lab AG? There are few people in Germany who, like Dr. Knüttel, recognized the dangers of the digital world at an early stage and also became actively involved in combating them. He did this most actively in hospitals in northern Germany. There, he built a defensible security infrastructure and helped the Klinikum Region Hannover become a safe haven where not only patients are healed, but data is also kept secure. After many years of devoting his time, knowledge and energy to helping businesses, Dr. Knüttel turned to teaching. "I'm simply fulfilled by training young people who will protect us," said Dr. Andreas Knüttel, referring to his employment at the Hamburg Police Academy College. There, the native of northern Germany holds a (substitute) professorship for applied computer science and trains upcoming criminal investigators in the use of information technology.
Dangers to patient data
Yesterday, Thursday May 12, was once again the International Day of Nursing. Especially in times of pandemic, the staff of hospitals worldwide proved how quickly people can work together in the digital age: in record time, the virus and its mutants were described, and various pharmaceutical companies were soon able to provide vaccines. However, the stream of newspaper articles about hacked hospitals did not slow down. Hospitals were particularly often affected by ransomware attacks, which confirmed what our Senior Cyber Defense Architect and other experts had been saying for years: hospitals are almost defenseless against cyberattacks. In concrete terms, this means that highly sensitive data such as addresses, payment information and medical records are easy prey for black hats, i.e. malicious hackers.
Politicians reacted, albeit belatedly, and so the Patient Data Protection Act (Patientendaten-Schutz-Gesetz, PDSG) came into force in October 2020. The PDSG extends IT security requirements to all hospitals, not only those classified as critical infrastructure. Particularly relevant for IT security in hospitals is the new §75c SGB V (Social Code Book V) created by the PDSG, which states the following: "From 1 January 2022, hospitals are obliged to take appropriate organizational and technical precautions in accordance with the state of the art to prevent disruptions to the availability, integrity and confidentiality as well as the other security objectives of their information technology systems, components or processes that are decisive for the functionality of the respective hospital and the security of the processed patient information." The next paragraph adds: "Hospitals can fulfill the obligations under paragraph 1 in particular by applying an industry-specific security standard [B3S] for the information technology security of health care in hospitals in the currently valid version." What is the consequence of this law? It sounds simple: as of January 1, 2022, all hospitals must be able to demonstrate state-of-the-art protection of their critical IT, and unless they operate another recognized ISMS (information security management system), the expected way to do so is to have implemented the B3S for healthcare in hospitals.
Every industry has its standards, and IT security is no exception. Since the PDSG was passed, hospitals also have to deal with DIN EN 80001-1 (IEC 80001-1). But what exactly does this standard say? It describes risk management for IT networks in hospitals that incorporate medical devices. The key properties the standard protects include the safety of patients, users and third parties, the effectiveness of the network, and data and system security, together with data protection and the other objectives defined within hospitals and hospital groups. IEC 80001-1 also requires that a risk management process be established and a medical IT-network risk manager be appointed. Likewise, processes for monitoring the IT network and for documenting changes to it must be defined and implemented.
Hospitals are not only targets in the current pandemic situation; even when the Corona pandemic has subsided, they will continue to be attacked. The reason is simple: deep in their systems lie the data of countless people, and that is the prey the attackers are after. All hospitals and hospital groups are therefore well advised to meet the legal requirements and standards as soon as possible, if they have not already done so, and to take further precautions, such as connecting their systems to a SOC. A SOC, short for Security Operations Center, continuously monitors the systems independently of day-to-day operations, detects and triages suspicious activity from external perpetrators as well as from inside the network, and reports possible intrusions to the responsible administrators so that countermeasures can be initiated promptly and compromised hosts and possibly malware-infected files can be isolated before an attack spreads.
We would like to thank our Senior Cyber Security Consultant Dr. Andreas Knüttel for taking the time to talk to us. Do you have questions about how to protect yourself from hacker attacks, about how to proceed if you suspect that an attacker is in your systems, or general questions about the services of QUANTUM cyber lab AG? Then contact our specialists today. We will be happy to advise you in detail.
Contact us now