On Tuesday, September 17th, 2019, Bayerischer Rundfunk, in cooperation with ProPublica, reported on thousands of X-ray images that were freely accessible on the Internet. The security gap had been known to the specialist community since 2016, and anyone could find the data with just a few clicks using a search engine.
The position of Cyber Security Council Germany e.V. on the topic is as follows:
IT systems with highly sensitive data must be secured at a high level! Against this background, the implementation of the requirement for state-of-the-art technical and organizational security measures (§8a BSIG) must be enforced and monitored with greater emphasis.
The current leak is the result of a negligent configuration of highly specialized IT equipment in the healthcare sector and should never have occurred if the operator had properly implemented an information security concept.
In addition, the leak could have been discovered quite easily by a penetration test.
The CSRD e.V. therefore demands:
- More budget for cybersecurity in healthcare
- Better education and training of staff on cybersecurity and data protection
- Mandatory, regular penetration tests for systems with sensitive data
- Extension of the obligations to implement the state of the art in information security