The field of “information security” is currently dealing with a new technical term – “NIS 2.0”. Interested experts are realizing that the new EU Network and Information Systems Directive (NIS 2.0) is also being incorporated into national legislation.
The German draft bill published two months ago shows that the existing BSI Act will primarily be supplemented with important content.
A very significant addition is that the scope of the BSI Act has been considerably extended by the terms “important” and “particularly important institutions” and the lowering of the key figure thresholds to “at least 50 employees” and an annual turnover of at least EUR 10 million.
What are the reasons for this legislative measure?
The number of cyberattacks is constantly increasing – and hospitals are also increasingly affected.
The annual financial loss in Germany has been well over EUR 200 billion in recent years.
Experts specializing in cyber attacks act in a professional and business-oriented manner.
The technical variety of attacks is large and growing.
The changed political situation is also exacerbating the situation.
These are all reasons that are prompting legislators at European and national level to take action.
What is the impact on hospitals?
The reduction in the above-mentioned key figure thresholds also applies to hospitals.
This means that, with a few exceptions, all facilities are obliged to implement the appropriate technical and organizational measures to increase information security.
Although this involves a certain amount of bureaucracy and personnel, the benefits for every hospital are great, especially in the event of a cyberattack – here are some examples:
- Fast and targeted activities through preventive planning
- Routine management of security incidents
- Orderly and swifter return to normal operations
- Less financial damage
- Positive internal and external impact through a controlled, confident approach
Who should take care of implementation in the hospital?
- In most hospitals, IT management or IT staff are responsible for implementing the purely technical measures. In 2018, KRITIS hospitals were directly requested to fill the position of Information Security Officer (ISO).
- When NIS 2.0 comes into force, medium-sized and small hospitals will also have to find personnel solutions to support the necessary introduction of an information security management system (ISMS). In any case, it makes sense to bring in external personnel resources to prepare for NIS 2.0.
- We would be happy to support you in an advisory capacity and work with you to implement the necessary operational measures. Find out more without obligation and let us discuss together how we can help you with NIS 2.0.
(lb/Adiccon)