Pfenninger Ernst, Königsdorfer Manuel
Anasthesiol Intensivmed Notfallmed Schmerzther. 2024 May;59(5):311-323. doi: 10.1055/a-2258-7362. Epub 2024 May 17.
Clinics are, by definition, part of a country's critical infrastructure. In recent years, hospitals have increasingly become the target of cyber attacks, resulting in disruptions to their functionality lasting weeks to even months. According to the "National Strategy for the Protection of Critical Infrastructures (CRITIS Strategy)", clinics are legally obligated to take preventive measures against such incidents. This involves evaluating, defining, and developing failure concepts for IT-dependent processes within a clinic to be prepared for a cyber attack. Specifically tailored emergency plans for computer system failures should be created and maintained in all IT-dependent areas of a clinic. Additionally, paper-based alternative solutions, such as request forms for diagnostic or consultation services, department-specific emergency documents, and patient documentation charts, should be kept in a readily accessible location known to staff in the respective areas. The complete restoration of a clinic's network after a cyber attack often requires extensive recovery of numerous IT systems, which may take weeks to months in some cases. If the hospital has robust plans for cyber emergency preparedness, including regular scans and real-time backups, stabilization and a quicker resumption of operations may be possible.