In the context of the increasing digitization of the healthcare sector, the National Center for Cyber Security (NCSC) has issued a series of recommendations for hospitals and other healthcare establishments. The list of recommendations includes technical as well as organizational measures, which are considered “minimum requirements” for cybersecurity.
NCSC measures. (Source: NCSC)
According to the NCSC, a patch and lifecycle management system is particularly important. The concept must in particular indicate when such or such software must be replaced (for example when it does not receive any more security patches) and when these corrections must be applied. According to the NCSC, the defined measures should be applied in priority and with great scale by all service providers in the health sector.
Approach started with the pandemic
The National Center for Cybersecurity explains that intensive collaboration with the Conference of Health Directors (CDS) has been initiated since the Covid lockdown, in order to strengthen cybersecurity in the sector. Thus, the NCSC sent monthly security updates to industry players to raise awareness of current security risks.
Last May, the CDS supplemented its “Recommendations for hospital planning” with a recommendation on data protection and information security. The NCSC now supplements them with its recommendations for minimum requirements.
The full NCSC recommendations can be viewed here (pdf).