Sensitive medical records are at risk!

In mid-July of this year, attackers hit a network that manages the medical records of eleven hospitals and four geriatric care institutions in Rhineland-Palatinate and Saarland. Data security is a problem for many hospitals and comparable institutions.

Hacking attack on hospitals

Often sensitive data is not only stolen; the attacker also tries to extort a ransom. The term ransomware refers to an attack that encrypts the victim's databases, which gives the attacker leverage for blackmail.

The attackers proceeded similarly in mid-July. The network was compromised through a security hole, and after the data was stolen, large parts of it were encrypted. Whether the attackers demanded a ransom has not been publicly disclosed.

Institutions that work with sensitive medical records are lucrative targets for attackers. This data is particularly valuable on the black market because it cannot be altered. A credit card or password can be changed or blocked. Information from medical records, on the other hand, cannot be changed and is therefore very sensitive data that can potentially be used against you.

Security of my medical records

We already reported in detail on the safety of our own health data at the beginning of this year.

The sensitive data processed by large hospitals and smaller practices should be protected. However, it is often difficult for smaller institutions to keep IT security up to date due to a lack of capital. The capital an institution is entitled to for data security depends on how many inpatient cases it treats in one year.

The threshold is 30,000 cases: from this number on, an institution is considered critical infrastructure (KRITIS). Since only 6% of all hospitals in Germany reach this number, the other 94% of institutions have less money available to keep data security up to date.

The Solution

The simplest solution would be to lower the threshold so that a higher percentage is classified as critical infrastructure. Another option would be to remove the threshold and classify any institution working with sensitive health data as critical infrastructure.

This is exactly the approach the Marburger Bund is pursuing:

“It doesn’t matter in which hospital patients are treated – their highly sensitive disease-related data are equally well protected against unauthorized access everywhere,” demands Rudolf Henke, 1st Chairman of the Marburger Bund, in view of the recent hacker attacks on clinics in Rhineland-Palatinate and Saarland.

Since this option would require considerably more money, no agreement has yet been reached on how IT security in hospitals can be kept up to date.

Chris Wojzechowski

My name is Chris Wojzechowski, and a few years ago I completed my Master's in Internet Security in Gelsenkirchen. I am managing partner of AWARE7 GmbH and a trained IT Risk Manager and IT-Grundschutz Practitioner (TÜV), and I hold the audit procedure competence for § 8a BSIG. Our bread-and-butter business is conducting penetration tests. Beyond that, we advocate for a broad understanding of IT security in Europe, and for this reason we offer the majority of our products free of charge.