Risk management in hospitals - increasing security and optimising IT costs

More financial leeway for targeted IT investments

The German Federal Office for Information Security (BSI) recommends investing around 20 percent of the IT budget in cyber security and protecting sensitive data more effectively. However, most healthcare facilities are a long way from achieving this. It is no wonder that hospitals in particular, as part of a country's critical infrastructure, are repeatedly the target of hacker attacks. In recent months, for example, the Soest Hospital Association and Frankfurt University Hospital have been affected in Germany. Important parts of the operation were completely or at least partially paralysed.

Even if the damage was limited, as in the case of Hesse's largest hospital in Frankfurt am Main, and no data was lost or encrypted, the pressure is particularly high in the event of attacks on areas of critical infrastructure. The risk of collateral damage and therefore not only the internal but also the public pressure to minimise or eliminate the potential damage as quickly as possible is high in this situation.. This is likely to increase the hackers' chances of success in enforcing their criminal demands.

It makes it all the more important for clinics and hospitals to actively manage risk with regard to potential threats and to make targeted investments in data security and data availability as well as to build up cyber resilience within the organisation in order to protect themselves against the numerous and initially low-threshold attacks such as phishing emails or malware that occur in everyday working life.

In this article, we use two practical examples from the hospital sector to show how companies can open up new financial leeway in their IT budget by using used software licences, which can be used to make urgently needed investments, such as in the area of IT and data security.

Risk management in hospitals - data security, availability and sovereignty

In all critical infrastructure companies as well as  in public administration, there are often increased requirements for IT and data security and rightly so, because there are few areas where the volume, density and depth of personal information is as high as in the healthcare sector,This can range from patient and treatment data to research data as well as financial and billing data. Hospital organisations and clinic operators in particular should establish their own risk management system and focus on the following key scenarios:

1. Risk assessment and risk management

Regular risk analyses to identify weak points in the IT infrastructure and assess potential threats are essential. It is also essential to draw up a risk management plan to reduce or eliminate identified risks.

2. Data protection and compliance

Compliance with legal, industry or company-specific requirements and the continuous review of the extent to which all systems and processes comply with national and international data protection laws, such as the GDPR, form an important basis. Regular training for all employees on the topics of data protection, compliance and cyber security is equally essential in order to keep awareness as high as possible, even at a low-threshold level.

3. Technical security measures

• Encryption: Sensitive data should be encrypted both during transmission and storage.
• Network security: Implementation of firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS).
• Endpoint security: Securing all end devices with anti-virus software, anti-malware tools and regular updates
• Access control: Use of strong authentication procedures as well as digital and physical access restrictions to particularly sensitive data.

4. Data management and availability

• Carry out regular backups in the shortest possible cycles - preferably daily, in order to be able to react quickly in the event of data loss.
• Creation of a recovery plan after a cyberattack or data loss.
• Avoiding excessive dependence on one software provider, especially with the increasing integration of cloud services into the IT infrastructure.  

5. Incident response and monitoring

Creation of a detailed plan for the procedure during and immediately after a security incident with clear measures and responsibilities in all areas of the company, including internal and external communication.  

Establish targeted monitoring to ensure network and system activities are monitored for signs of cyber-attacks or suspicious behaviour.

6. Partnerships and security certifications

Working with external security companies and experts to understand the latest threats and defence strategies, as well as acquiring industry-recognised certifications as a confidence-building measure for patients, employees, business partners and shareholders or stakeholders.

7. Continuous analysis and optimisation of the current security strategy

Implementation of regular feedback rounds and monitoring of current trends and developments in the area of cyber security in order to continuously adapt the company's own strategy.

Active risk management reduces licence costs and creates financial leeway 

However, it is also clear that these measures for more IT and data security will place an additional burden on already strained budgets. Without savings elsewhere, only a few hospitals will be able to increase their IT security expenditure to the extent required. Especially as the increasing integration of cloud solutions brings with it new financial and security-specific challenges, at least in some areas. Especially in the area of widely used standard software for the inpatient working environment, for example in hospital administration, many IT managers prefer established and reliable on-prem solutions.

By purchasing and integrating used software licences into the existing software architecture, high licence cost savings of up to 70 percent can be achieved compared to the latest licence. In addition, licences that are no longer required can generate new cash flow through a sale.

Sounds almost too good to be true? Here are two examples that impressively confirm this:

Enquire now free of charge

Example 1: Asklepios Group - used software reduces licence costs by over 50 percent.

Cost pressure in the healthcare sector has been high for many years, especially for the operation of hospitals and specialised clinics. The imminent end of support for various Microsoft operating systems and applications was therefore a welcome opportunity to look at the licence cost structure and close impending security gaps. In this customer case, you can find out why those responsible at the Asklepios Group opted for extensive licensing of used Microsoft licences, which resulted in licence cost savings of over 50 percent compared to new licensing.

The Asklepios healthcare group is one of the leading private operators of hospitals and healthcare facilities in Germany with more than 50,000 employees and almost 2.5 million patients per year.

Example 2: Medius Kliniken - used software from PREO instead of a cloud solution

As digitalisation progresses, hospitals are also faced with the question of which cloud strategy is the right one for the future. Workplace-related, financial and security requirements all play a decisive role in this. In this customer case study, you can read why the IT managers at Medius Kliniken in Baden-Württemberg decided against the current Microsoft cloud solutions for the subsequent licensing of standardised application software and operating systems, thereby achieving savings of 50 percent on ongoing licensing costs.

Medius Kliniken is a non-profit company in the district of Esslingen with 31 specialist medical clinics, 22 health centres and over 3,000 employees.

PREO tip for operators of hospitals and healthcare facilities: Calculate your current savings potential now!

A large number of PREO customers come from the healthcare sector, primarily hospital associations and operators of specialist clinics, rehabilitation or healthcare facilities, but also health insurance companies and insurers. Take advantage of the industry expertise of PREO's licence experts and have the current savings potential based on the existing licence cost structure calculated free of charge and without obligation.

Enquire now free of charge

With PREO, you are choosing an experienced and reputable B2B provider

In the past, more than 1,000 companies have already benefited from the advantages of an audit- and compliance-proof integration of used volume licences into their software asset management. As one of the pioneers in the European trade in used software, PREO offers companies, organisations and public administrations or institutions:

• 100 percent legally compliant and audit-proof licence acquisition with maximum transparency in all processing steps, including complete documentation in the PREO licence portal "Easy Compliance".
     
  
• Many years of expertise in the integration of used software licences into classic network structures or hybrid licence models.
  
  
• Greater sustainability in the IT sector by promoting an active circular economy and reducing the company's CO2 footprint.
  
  
• PREO is the first used software retailer to be listed with a scorecard by EcoVadis, the world's largest provider of sustainability ratings.
  
  
• Detailed market knowledge and extensive experience through the audit-proof transfer of well over a million used software licences.
  
  
• Existing software licence management capacities for large IT infrastructure projects with thousands of workstations and cross-border locations.
  
  
• Convincing reference projects from numerous corporate groups and medium-sized companies from a wide range of industries.