Position paper of the Cyber Security Council Germany e.V. on data leak with patient data

On Tuesday, September 17th, 2019, the Bayerischer Rundfunk, in cooperation with ProPublica, reported on thousands of freely accessible X-ray images on the Internet. The gap had been known to the specialist public since 2016 and the data could be found by anyone with just a few clicks using a search engine.

The position of Cyber Security Council Germany e.V. on the topic is as follows:

IT systems with highly sensitive data must be secured at a high level! Against this background, the implementation of the requirement for state-of-the-art technical and organizational security measures (§8a BSIG) must be enforced and monitored with greater emphasis.

The current leak is the result of a negligent configuration of highly specialized IT equipment in the healthcare sector and should never have occurred to the operator when properly implementing a concept for information security.

In addition, the leak could have been discovered quite easily by a penetration test.

The CSRD e.V. therefore demands:

  • More budget for cybersecurity in healthcare
  • Better education and training of staff on cybersecurity and data protection
  • Mandatory regular implementation of penetration tests for systems with sensitive data
  • Extension of the obligations to implement the state of the art in information security

Datenschutz
Wenn Sie unsere Website besuchen, werden möglicherweise Informationen über Ihren Browser von bestimmten Diensten gespeichert, in der Regel in Form von Cookies. Weitere Informationen finden Sie in unserer Datenschutzerklärung.