Question 1

What security standards apply to hospitals?

Accepted Answer

B3S Hospital (industry-specific security standard for healthcare), KRITIS regulation from 30,000 fully inpatient cases per year, IT Security Act 2.0 (Section 8a BSIG), GDPR and BDSG for patient data, and potentially NIS2 for larger hospital groups. For funded projects, additional KHZG obligations apply.

Question 2

What is the Hospital Future Fund (KHZG)?

Accepted Answer

A federal funding program (EUR 4.3 billion volume) for hospital digitalization. At least 15% of the funding must be allocated to IT security. DeltaSecure is an authorized provider per Section 21 (5) Sentence 1 of the Hospital Structure Fund Regulation -- certificate available at /zertifizierungen/.

Question 3

How are medical devices (MedTech) protected from cyberattacks?

Accepted Answer

Three layers: (1) Network segmentation -- MedTech devices in separate VLANs, isolated from office IT and the internet. (2) Monitoring via OT-IDS, as traditional endpoint security often cannot be installed. (3) Patch and lifecycle management with manufacturer coordination, as many devices operate for years without updates.

Question 4

How does the SOC respond to ransomware attacks on HIS/PACS?

Accepted Answer

Immediate isolation of affected subnets, assessment of patient care (activate emergency mode), forensics to determine the point of entry, parallel communication with BSI/CERT-Bund (Section 8a BSIG reporting obligation) and medical leadership. Recovery via offline backups; negotiation with perpetrators is generally not recommended.

Question 5

What hospital sizes does DeltaSecure serve?

Accepted Answer

From specialized clinics with fewer than 100 beds to large hospitals and hospital networks with over 1,000 beds. Focus: facilities eligible for KHZG funding (typically 200+ beds). Outpatient care centers and rehabilitation facilities are also served. KRITIS-obligated facilities receive 24/7 service with guaranteed B3S compliance.

Question 6

What penalties apply for data breaches involving patient data?

Accepted Answer

GDPR fines up to EUR 20 million or 4% of global annual revenue. For intentional breach of medical confidentiality (Section 203 StGB), additional imprisonment up to 1 year. Reputational damage from publication of sensitive diagnoses is often more threatening than the fines themselves.

Cybersecurity for Hospitals

HealthcareProtecting patient data and maintaining medical devices

Security Operations Center for Hospitals

Frequently Asked Questions

Clients

Cybersecurity for Hospitals

HealthcareProtecting patient data and maintaining medical devices

Security Operations Center for Hospitals

Frequently Asked Questions

Clients