Critical infrastructure is a popular target for cyber criminals
Even the healthcare sector is not immune to cyber criminals. In January 2022, for example, a hospital group on Lake Constance was the target of a cyber attack. But small and medium-sized enterprises are also the focus of hackers.
We take electricity, water, cash and medical care for granted. We only realize how much when these critical infrastructures (energy, water, food, information technology / telecommunications, health, transport / traffic and finance / insurance) fail. Supply bottlenecks can occur, causing price increases or even endangering public safety. Operators must therefore regularly prove to the German Federal Office for Information Security (BSI) that effective measures are in place to protect the systems.
Worst-case scenarios
The healthcare sector is currently a lucrative target for criminals. Because of the sensitive data involved, the potential for extortion is high there, according to the BSI. Affected facilities are very likely to comply with ransom demands.
At the beginning of January 2022, a clinic association on Lake Constance fell victim to a cyberattack. There, all servers and devices were shut down for security.
In the worst case scenario, clinics affected by malware will have to shut down operations. Then neither operations can be performed, nor can digital patient records be viewed or medications dosed. Clinics on Lake Constance were unable to accept new patients for a few days, but were able to care for those already admitted.
Worthwhile targets
In the past, large corporations were worthwhile targets for hackers. Today, small and medium-sized companies are also interesting, because ransoms are often paid to avoid data protection breaches such as the publication of data worthy of protection. In addition, hacking robots often do the groundwork. These programs automatically search for poorly secured systems and attack. If they were successful, hackers plan further strategic action.
In 2020/21, 9 out of 10 companies were victims of cyber attacks, which caused an average of 6.5 million euros in damage per company. How do you protect your own IT?
Certificates – the basis for cyber security
Regular software updates and data encryption using digital certificates help to minimize risks. The latter are used, among other things, for digital e-mail signatures, VPN connections (home office) or to secure devices that send data over the Internet (webcams, medical devices).
For security reasons, the validity of the certificates is limited. They must be renewed in good time, otherwise there is a risk of system failure. Since certificates are used in many places in the company, a certificate management tool like essendi xc makes sense.
The requirements for the management and handling of digital certificates are covered by guidelines and standards such as ISO/IEC 27001.
essendi xc supports the implementation of measures within the scope of ISO 27001 in the area of cryptography. It documents the complete lifecycle of all digital certificates in the company. In the audit, you can prove your procedure in an audit-proof manner at any time.