
Trojan Horses in Hospital IT: Hackers Target the Healthcare Sector

“Smart” devices in hospital networks are a gigantic attack playground for cybercriminals

Bad Homburg, June 9, 2021 – In recent months, cyberattacks on the healthcare infrastructure have increased dramatically – and the gateways for hackers are many and varied. While companies and institutions are increasingly protecting themselves against phishing and malware, IoT devices – so-called smart devices connected to the network – are often overlooked as virtual targets. “Numerous devices in a modern IT network – routers, medical equipment, printers, surveillance cameras, sensors and much more – are all too often found to present weak points in their firmware that barely ever get patched, making it easy for hackers to exploit them. With the upcoming German legislation regarding hospital security, legal pressure is now building to ensure comprehensive security of IT and all components,” says Rainer M. Richter, CEO of IoT Inspector. The company operates one of the leading platforms dedicated to auditing hard-wired device software (so-called firmware) for security vulnerabilities, efficiently closing these potential gateways for cybercriminals. The latest case – a strike against the Irish Health Service Executive (HSE) – shows that attackers are becoming increasingly creative: “The attack was highly sophisticated, not just standard,” says Paul Reid, chief executive of the Irish Health Service Executive (HSE). As a consequence, all IT systems there had to be shut down.

Deadline: January 1st, 2022

By the end of the year, clinics and hospitals in Germany will have to strengthen and continuously monitor their IT security – not only in response to the increasing number of threats, but also to comply with legal requirements. Under Section 75 of the German Social Code, Book V, hospitals are required to take “appropriate organizational and technical precautions” to ensure IT security. As of January 1st, 2022, the IT security measures of all hospitals must thus conform to the latest standards. In addition, regular proof must be presented to the BSI concerning the type and scope of the audits carried out, as well as a list of the security deficiencies uncovered. “This means that security audits and reports on securing the IoT devices used are also part of this duty to produce evidence,” summarizes Rainer M. Richter from IoT Inspector.

Take advantage of the “Hospitals of the Future” funding program

In addition to KRITIS clinics, smaller hospitals must also increasingly protect themselves against cyberattacks – this is the only way to ensure the well-being of patients. “Any oversight in this respect can endanger people’s lives – a clinic with no IT systems can hardly operate, as shown last year with the Uniklinik Düsseldorf,” warns Rainer M. Richter. The Hospital of the Future Fund (KHZF), which is being set up for this purpose at the Federal Social Security Office, currently provides funding of 4.3 billion euros. “For the first time in decades, the federal government is investing directly into hospitals from its budget: 3 billion euros will be dedicated to the digital infrastructure – for connectivity and not for isolated solutions,” explained the Federal Minister of Health, Jens Spahn, after the 2020 resolution was passed. “Operators of a healthcare infrastructure should act quickly and comprehensively to eliminate the risks at all points. Together with our partners, we are happy to provide support in the area of IoT security,” advises IT expert Richter.



ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150