The German Federal Office for Information Security (BSI) has determined the suitability of an industry-specific security standard (B3S) with which hospitals can align their IT security measures. The B3S standard was developed by the German Hospital Association (DKG).
Hospitals and other medical facilities (like facilities in some other industries) have recently been affected by serious IT security incidents. In addition to the threat posed by ransomware attacks, sensitive patient data is a particular focus of attention.
Against this background, the industry-specific security standard offers framework conditions under which cybersecurity in the healthcare sector can be further increased. Slightly less than 10% of hospitals in Germany are registered with the BSI as Critical Infrastructure providers (KRITIS) within the meaning of the IT Security Act. The now-recognized B3S is also available to the many smaller hospitals that are not regulated as KRITIS operators, and should serve as a benchmark for the implementation of appropriate IT security measures.