With the IT Security Act, the legislator aims to establish effective protection mechanisms for the so-called critical infrastructures in Germany. The German Hospital Federation is actively working to improve IT security in German hospitals by, among other things, defining a sector-specific security standard (B3S). The security of information technology systems in hospitals ultimately also serves patient safety.
The German Hospital Federation has revised the draft of an industry-specific security standard (B3S) published in December 2018 in accordance with the instructions of the Federal Office for Information Security (BSI) and, after consultation and approval by the industry working group "Medical Care" of the UP KRITIS as well as the responsible committees of the German Hospital Federation, submitted the version (Version 1.0) to the BSI for final review of the suitability of the B3S for the implementation of the requirements under Section 8a BSIG. The review resulted in minimal adjustments, which led to a version 1.1. This version was determined by the BSI on 22 October 2019 to be suitable in the sense of the BSI Act.
The version of the B3S (version 1.1) dated 22.10.2019 that has been determined to be suitable within the meaning of the BSI Act is provided below.
