eHealthNews.eu

Welcome to #1 European eHealth News Portal.

Not a subscriber yet?
Stay updated on the latest eHealth News and eHealth Jobs. Subscribe now, it's free!

Cybersecurity in Hospitals: Critical Infrastructure Directive Improves Security Standards

conhIT 201817 - 19 April 2018, Berlin, Germany.
The digital transformation of the healthcare system has resulted in cyberattacks growing too. Many will be able to recall the WannaCry attack on UK hospitals in May 2017. Only recently in Latvia the electronic health system, which among other things generates paper-free prescrptions, fell victim to a DdoS attack on its website. What does that mean for hospitals in the future?

It is basically very difficult to determine how many health institutions have already experienced problems with IT security. Events are rarely made public because reputations are at stake. A hospital study by the consultants Roland Berger estimated that 64 per cent of hospitals in Germany had at some point been victims of cyberattacks. However, according to Christoph Isele, head of AG Data Protection & IT Security at the German Association of Healthcare IT Vendors and product manager at Cerner Health Services GmbH, the threat to the health industry is no greater than anywhere else. Even WannaCry was an indiscriminate attack with no specific target. "The health sector is especially challenging because it is so diverse and complex. Depending on the sector, a variety of different specialists create software products that are tailored to specific needs. Such an IT infrastructure is more difficult to protect than perhaps a production plant."

Compared to IT security in other countries, Frederik Humpert-Vrielink, managing director of CETUS Consulting GmbH, sees Germany as ranking somewhere mid-table. "As regards the infrastructure threat, our low interconnectivity means we are still quite safe. However, in the future this is where we can expect a greater threat. Application security is lagging behind. Until now, that is something designers of hospital and medical systems have put too little emphasis on, or not at all."

Health Security Pavilion at conhIT

At conhIT - Connecting Healthcare IT, which will be taking place from 17 to 19 April on the Berlin Exhibition Grounds , CETUS Consulting GmbH will be hosting a combined stand at the Health Security Pavilion with selected partners in order to raise awareness among health industry decision-makers for how important IT security is. "Every hospital is dependent on information processing for its core activities", says Frederik Humpert-Vrielink. At the Health Security Pavilion the focus was therefore on multi-layer security concepts. The key was to manage security in general, as well as integrating medical systems and external players, resident practitioners, for example. ”We will also be mirroring the structures of the 'hospital of the future', said Humpert-Vrielink. "The main topics will be protecting against network attacks, securing medical systems, and linking with external communication partners."

The growing number of networks in inpatient medical care as well as those connecting inpatient and outpatient sectors presented opportunities as well as risks. On the one hand digitalistation and standardisation made processes more efficient, on the other hand, networked systems were more vulnerable to attacks, he said. "Standardisation is a curse and a blessing all at once", said Humpert-Vrielink.

Industry standards - a blueprint

This applies in particular to hospitals with more than 30,000 inpatients per year. They are part of the critical infrastructure and thus very important for providing medical care. The directive which came into force on 30 June 2017 states that hospitals which are part of the critical infrastructure must adopt state-of-the-art IT security measures and provide evidence of their implementation through a security audit or certification procedure by the end of June 2019. Furthermore, so-called 'industry-specific security standards (B3S)' are currently being developed by the Medical Care Working Group.

According to Christoph Isele, these industry standards could also serve as examples of best practices for institutions that are not impacted by the directive. The introduction of an information security management system (ISMS) was recommended for all hospitals, he added. "Furthermore, one should appoint an IT security officer to assess the security situation and make suggestions", said Isele. Bringing in outside experts could also help. In that respect, the legal situation has improved since late 2017. "Until recently, it was not easy to obtain IT providers' services. As a result of changes to § 203 of the penal code (StGB) legal certainty now exists for hospitals and providers."

IT security requires investment in infrastructure and personnel

According to the hospital study by Roland Berger, 91 per cent of hospitals spend less than 2 per cent of their turnover on IT. However, without the necessary investment any improvements to IT security become difficult. It was not always a question of purchasing software and hardware, said Frederik Humpert-Vrielink from CETUS Consulting. "The best precaution is to have capable co-workers who are aware of information and IT security issues and can use their knowledge where it is best needed. Thus, hospitals should invest in education and advanced training, as technology is only as good as those who use it."

At conhIT - Connecting Healthcare IT 2018 IT security will be one of the key topics. The following are just some of the events that will be addressing these issues:

  • Congress session 10: 'Information Security in the Clinical Environment' (18 April 2018; 11.30 - 1.30 p.m.)
  • Congress session 14: 'Electronic Health Record Systems from the Perspective of Data Privacy' (19 April 2018; 9.30 - 11.00 a.m.)
  • Academy: 'Understanding and Applying the EU Data Protection Directive' (18 April 2018; 9.00 a.m. - 1.00 p.m.)
  • Networking Event: ’Focus on Data Protection in the Healthcare System: the DSGVO in Practice' (19 April 2018; 1.00 - 2.15 p.m.)
  • Tour of the fair: IT security (18 April 2018; 5.00 - 6.00 p.m.)
  • Health Security Pavilion (17 - 19 April 2018)

For further information, please visit:
http://www.conhit.com

About conhIT - Connecting Healthcare IT

conhIT targets decision-makers in IT departments, management, in the medical profession, nursing, doctors, doctors' networks and medical care centres who need to find out about the latest developments in IT and healthcare, meet members of the industry and make use of opportunities for high-level advanced training. As an integrated event, over a period of three days conhIT combines an Industrial Fair, a Congress and Networking Events that are of particular interest to this sector. Launched in 2008 by the German Association of Healthcare IT Vendors (bvitg) as the meeting place for the healthcare IT industry and organised by Messe Berlin, this event recently recorded over 500 exhibitors and around 9,500 visitors and has now become Europe's leading event for the healthcare IT sector.

conhIT is organised in cooperation with the following industry associations: the German Association of Healthcare IT Vendors (bvitg), the German Association for Medical Informatics, Biometry and Epidemiology (GMDS), the German Association of Medical Computer Scientists (BVMI). The National Association of Hospital IT Managers (KH-IT) and the Chief Information Officers of University Hospitals (CIO-UK) provide contributions on the subject matter.

Most Popular Now

Open Call SC1-DTH-01-2019: Big Data and …

Currently available methods and strategies for diagnosis and treatment of cancer help clinicians continuously improve quality of care and prevent cancer deaths in the population. Accurate risk assessment, availability of...

Cerner Selected for NHS Framework to Sup…

Integrated Care Systems (ICS) and Sustainability and Transformation Partnerships (STPs) aim to deliver the best possible quality of health and care, shift to value-based care and proactively improve outcomes for...

Brainlab and Magic Leap Partner in Digit…

Brainlab has announced a strategic development partnership with Florida-based Magic Leap, a developer of proprietary spatial computing solutions that help users enrich their real world experience by integrating digital content...

The Merck Accelerator Program 2019

The Merck Accelerator is looking for real partners so that you can work together in shaping the future. With programs in the headquarters in Germany, in China and the Satellites...

Whole-Brain Connectome Maps Teach Artifi…

Medical University of South Carolina (MUSC) neurologists have developed a new method based on artificial intelligence that may eventually help both patients and doctors weigh the pros and cons of...

MEDICA 2018: The Starting Block for Many…

12 - 15 November 2018, Düsseldorf, Germany. MEDICA, the world’s leading medical trade fair in Düsseldorf which attracts over 5,000 exhibitors from around 70 countries, is becoming an even bigger hotspot...

MEDICA 2018 Presents the Future of Medic…

12 - 15 November 2018, Düsseldorf, Germany. Artificial intelligence, Big Data or IoT (Internet of Things) - we would be hard pressed to find a sector that doesn’t have these terms...

Artificial Intelligence for Health: ITU …

The ITU Focus Group on 'AI for Health' (FG-AI4H), created in collaboration with the World Health Organization (WHO), has issued a Call for Proposals to identify compelling use cases of...

Siemens Healthineers and STORZ MEDICAL P…

On the occasion of the 70th annual congress of the German Society for Urology, DGU, Siemens Healthineers and STORZ MEDICAL have announced plans to enter into a sales partnership agreement...

Spinal Cord Stimulation, Physical Therap…

Spinal cord stimulation and physical therapy have helped a man paralyzed since 2013 regain his ability to stand and walk with assistance. The results, achieved in a research collaboration between...

Sandoz Healthcare Access Challenge #Sand…

Sandoz, the Novartis generics and biosimilars division, today announces the launch of the second Sandoz Healthcare Access Challenge (HACk). The #SandozHACk is a global competition that invites entrepreneurs and innovators...

Connecting Care Goes Live with a Care Co…

The Connecting Care Interoperability Programme has gone live with its first Care Connect FHIR API so staff working with homeless and vulnerable people can see if they have a prescription...