Strategic Guide - Use of Artificial Intelligence in Healthcare
Artificial intelligence is much more than a technological innovation – it is changing the way we think about, design, and take responsibility for medicine. For the healthcare sector, it opens up enormous opportunities: more efficient processes, more precise diagnostics, and more individualized care. At the same time, it challenges us to rethink existing structures – legally, ethically, and in terms of security policy.
Particularly when handling sensitive health data, trust is the decisive currency. It arises where security, transparency, and responsibility go hand in hand. The Cyber-Sicherheitsrat Deutschland e.V. (Cyber Security Council Germany) is therefore committed to ensuring that digital innovation in healthcare is always thought of in connection with cybersecurity and resilience. Only when systems are protected and governance structures are clearly defined can AI unfold its full potential.
This guide is intended to provide orientation for decision-makers on how AI in healthcare can be designed strategically, safely, and responsibly – as an integral part of modern, crisis-resilient healthcare.
The guide is available for download here:
Action Guide for Decision-Makers | NIS2 – From Care to Strategic Safeguarding
The EU directive NIS2 fundamentally changes the responsibility for cybersecurity: it is no longer a purely IT task, but a strategic management and governance duty of corporate leadership – with clearly defined personal liability risks for board members.
Against this background, the event “Cyber im Dialog” took place in Munich on November 20, 2025 – a joint event by the eHealth and Insurance Hub. The focus was on the direct impact of NIS2 on decision-makers as well as concrete practical experiences from the business and insurance sectors.
NIS2 is not just a cost factor – but a strategic investment in resilience, stability, and trust.
Outlook: Actionable Guidance for Decision-Makers
During the event, it became clear how high the demand is for a compact, clearly structured NIS2 action guide for decision-makers. The Cyber-Sicherheitsrat Deutschland e.V. has taken up this suggestion and is now providing a practice-oriented guide that clearly summarizes the central obligations, risks, and fields of action. Many thanks to Jan Arfwedson for the editorial development.
The guide is available for download here:
IT Emergency Planning and Restart: The Foundation for Effective Business Continuity Management
Organizations across all industries are increasingly confronted with threats that jeopardize the availability and functionality of their IT systems. Dependence on digital infrastructures is growing steadily, while risks from technical failures, cyberattacks, or other crisis scenarios are simultaneously rising. Uninterrupted business operations can only be ensured by preparing for IT outages.
An IT emergency can lead to significant restrictions or even a complete standstill of central business processes within a very short time. This makes it all the more important to be able to react in a structured, fast, and coordinated manner in such situations. An effective IT emergency plan, supplemented by a restart plan, ensures that affected systems are restored in a controlled manner and that critical processes can be resumed quickly.
With the increasing importance of business continuity management, emergency preparedness is moving more into focus. The goal is to ensure both organizational and technical capacity to act in the event of an emergency. The IT emergency plan defines clear procedures, responsibilities, and priorities, adapted to the individual business requirements of the organization.
Our toolkit supports information security officers and management in developing, implementing, and continuously improving IT emergency plans and restart plans within the framework of business continuity management. It offers practical tips, structured process models, and impulses for a sustainable resilience strategy, so that your organization remains operational even in a crisis.
The guide is available for download here:
Working aid for information security officers and information for the hospital management
Hospitals and many other healthcare facilities bear a special responsibility for the resilience of their IT infrastructures in several respects. The care of patients with the support of state-of-the-art IT systems must be guaranteed just as reliably as the protection of sensitive patient data.
IT security incidents in clinics and hospitals that have become public knowledge show that medical facilities can increasingly fall victim to cyber attacks, both targeted and untargeted. The changed global political situation may also have to be taken more into account in the future when designing security measures to protect critical infrastructures.
Not least because of the growing digitization of medical care, hospitals in particular are facing major challenges with regard to the protection and resilience of the IT systems, processes and components that are relevant to medical care.
With our handout, we give information security officers and hospital management the most important tips for designing information security in hospitals.
Calculation tool for personnel capacities for an information security officer
With the help of our calculation tool, clinics can use their tasks and capacities to estimate how great the need for an information security officer is in their hospital. The workload assessment can serve as a basis for designing the position.
The guide is available for download here:
How do I protect my hospital?
The technical development in the IT sector in the last 25 years has been enormous and has also led to completely new possibilities in the healthcare sector. This is an encouraging development, since technical advances have significantly improved the efficiency and quality of a hospital’s central business processes. However, there is also a dark side that has manifested itself dramatically in recent months: hospitals have been victims of cyber attacks.
If the very extensive implementation instructions, orientation aids, recommendations for action, and recognized standards and regulations are reduced to the essential points that offer the greatest possible benefit and protection against cyber attacks, experience shows that six basics remain. The vast majority of cyber attacks can be prevented or significantly reduced in impact by taking these steps.
In this guide, which is continuously updated in line with current technological developments and the latest findings, the Cyber Security Council Germany e.V., with the kind support of our member AuraSec GmbH, presents the most important measures.
The guide is available for download here:
How do I protect my company?
Small and medium-sized enterprises are the backbone of the German economy. They generate a large part of the gross national product and provide jobs for millions. Small and medium-sized companies are attractive, unfortunately also to cybercriminals. More than half of cyber attacks hit small and medium-sized businesses with fewer than 500 employees. In addition, many smaller medium-sized companies do not have the same cyber security infrastructure as large corporations, which can finance and maintain their own IT departments and comprehensive IT security protection.
The good news is that even small businesses can protect themselves by taking concrete steps that are easy to adopt and maintain.
The vast majority of cyber attacks can be prevented or mitigated by taking these steps.
In this guide, which is continuously updated in line with current technological developments and the latest findings, the Cyber Security Council Germany e.V. presents you with the most important steps.
The guide is available for download here:
How do I protect myself as a private individual?
Most people spend a lot of time on the internet. They order in online shops, they book trips, they make transfers or stream series. The Internet is a natural part of everyday life.
When you hear about cyber attacks on large companies or government agencies, it’s easy to think that the risk to consumers is much smaller. Unfortunately, individuals are particularly at risk. This starts with malware and spam e-mails and extends to phishing attacks to steal bank details and passwords.
The good news is that individuals and families can also protect themselves by taking concrete steps that are easy to implement and maintain. The vast majority of cyber attacks can be prevented or intercepted by taking such steps.
In this guide, the Cyber Security Council Germany e.V. presents you with the most important steps.
The guide is available for download here:








