Most recently, the Bremen clinics “Gesundheit Nord” were hit: cyberattacks in the healthcare sector are becoming more and more frequent. At the last meeting of the eHealth Hub, Hans-Wilhelm Dünn, President of CSRD e.V., described the current situation: “We are seeing unscrupulous hackers attacking critical infrastructure in Germany for personal gain and in some cases tolerated by hostile states. Global conflicts are now also being played out in the IT infrastructure of the local city hospital.”
Jan Arfwedson, head of the eHealth Hub, pointed out that many hospital management teams still do not prioritize cybersecurity: “Every hospital needs a security organization that addresses the issue, assesses risks and initiates the implementation of appropriate technical and organizational measures and monitors their effective implementation.” This is often understood to be the role of the information security officer (ISO), who reports to the hospital management. In this context, he referred to the CSRD e.V. work aid “The Information Security Officer in the Hospital,” which is available here.
“Crisis management involves more than an IT emergency concept. Explicit preparation for a worst-case scenario saves money and nerves in case of doubt,” said Oliver Schneider, Managing Director at RiskWorkers GmbH, in his presentation. Drawing on many years of experience in ransomware negotiations and crisis management, he cautioned, “Paying ransom can be the best possible option in some circumstances, but should never be done without professional negotiations – because even criminal hackers have pain points.”