After numerous hospitals in Germany have already been victims of ransomware attacks, and a patient in Düsseldorf even died as a result, such an attack recently hit a hospital in Israel for the first time. Hillel Yaffe Medical Center was the victim of a cyber attack in early October and had to switch to alternative systems to ensure patient care. This means that even the already advanced digital health system in Israel is vulnerable. The latest case shows that cybercriminals are particularly focussed on health facilities, because the facilities' concern about not being able to ensure efficient care and their often communal structure trigger a quick response and possibly also the payment of the ransom demanded. Hospitals, and especially German institutions, urgently need to invest in upgrading their IT security. But often there is a lack of funds, especially if the hospital is not a KRITIS operator.
In Germany, the Hospital Future Act set up a fund, the Hospital Future Fund, which the federal and state governments finance with 4.3 billion euros. German hospitals can apply for funding until the end of 2021. Part of the budget can be invested in IT security under Chapter 3, Funding Act 10. Here it says: “The aim of this subsidy is to improve IT and cybersecurity in hospitals that do not belong to the critical infrastructures and in university clinics.” Management, SIEM etc. are listed in a SOC.
But even if the means are available, using a modern SIEM solution in a hospital is not a sure-fire success and has to be planned. An example of an implementation is the southern Swedish hospital in the Jämtland Härjedalen region. The SIEM used there collects, categorizes and analyzes log data in order to identify potential cybersecurity incidents and events. Based on pre-defined rules, it delivers real-time alerts and provides the data security team with security information in dashboards or reports that are periodically displayed on the screen. Best practices for pre-defined security rules and dashboards were developed in collaboration. This enables the hospital to monitor its IT infrastructure, ensure compliance with the Swedish Patient Data Act and give citizens quick and easy access to information about who has viewed their medical data. The solutions enable faster detection of and response to cybersecurity incidents and also help protect patients’ rights to data protection. The Swedish security team can now focus on problems as they arise, and log analysis time has been reduced by a third. In addition, an applied analytics module makes it possible to fulfill requests for access to medical records efficiently.
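The log-driven workflow described above (collect and categorize access records, answer "who viewed my record", and raise an alert from a pre-defined rule) can be sketched as follows. This is an added example, not the hospital's or any SIEM vendor's code; the log format, user names, patient IDs and the bulk-view threshold rule are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical "timestamp user action patient" format.
SAMPLE_LOG = """\
2021-10-18T08:02:11 dr.berg VIEW P-1001
2021-10-18T08:05:40 nurse.lind VIEW P-1001
2021-10-18T08:07:02 dr.berg UPDATE P-1001
2021-10-18T09:00:00 clerk.ek VIEW P-1001
2021-10-18T09:01:10 clerk.ek VIEW P-1002
2021-10-18T09:02:30 clerk.ek VIEW P-1003
2021-10-18T09:03:05 clerk.ek VIEW P-1004
malformed line without enough fields
2021-10-18T11:30:00 dr.berg VIEW P-1002
"""

def parse(log_text):
    """Yield (time, user, action, patient) tuples; skip records that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        try:
            if len(parts) != 4:
                raise ValueError("wrong field count")
            yield (datetime.fromisoformat(parts[0]), *parts[1:])
        except ValueError:
            continue  # malformed record: drop it instead of aborting ingestion

def access_report(events, patient):
    """Who touched this patient's record and when (the citizen-facing answer)."""
    return [(ts.isoformat(), user, action)
            for ts, user, action, pid in events if pid == patient]

def bulk_view_alerts(events, max_patients=3, window=timedelta(minutes=10)):
    """Assumed rule: alert when one user views > max_patients records in window."""
    views = defaultdict(list)
    for ts, user, action, pid in sorted(events):
        if action == "VIEW":
            views[user].append((ts, pid))
    alerts = []
    for user, seen in views.items():
        for i, (start, _) in enumerate(seen):
            pids = {p for t, p in seen[i:] if t - start <= window}
            if len(pids) > max_patients:
                alerts.append((user, start.isoformat(), sorted(pids)))
                break  # one alert per user is enough for triage
    return alerts

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print(access_report(events, "P-1001"), bulk_view_alerts(events), sep="\n")
```

The threshold and window are tuning parameters: set too low they flood analysts with alerts from ward rounds, set too high they miss slow browsing of records.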
The introduction of a modern SIEM system with behavior-based detection and orchestration of IT security relieves the burden on the IT department and its security experts. Automating the detection of irregularities in the network and in the connected IoT systems helps security analysts to evaluate the really important cases, so that they can react more quickly and thus also prevent ransomware infections such as those at the affected hospitals in Neuss, Düsseldorf, Wolfenbüttel and many others.