Fulfill BfArM requirements through ProSec penetration test

BfArM & Co.: Safely designing the digitization of the healthcare system

An inherent goal of healthcare is to preserve and sustain life. So it is not surprising that letters and faxes have been "kept alive" here to this day. But the fax-machine bottleneck in health authorities during the COVID-19 pandemic showed, at the latest, how important the rapid expansion of digitization in the healthcare sector is.

A lot is currently happening in Germany in this area:

  • Funding from the Hospital Future Act (KHZG)
  • Introduction of the electronic patient file (ePA)
  • The e-prescription
  • Digital Health Applications (DiGA)

These developments are desirable from the patient's perspective. However, one thing is essential:

Anyone doing digitization must think about IT security.

Numerous laws, standards and organizations are intended to ensure the development of sustainable and secure digitization in the healthcare sector:

  • The IT Security Act 2.0
  • The Federal Institute for Drugs and Medical Devices (BfArM) with specifications for IT security
  • Mandatory criteria for funding from the Hospital Future Fund (KHZF)
  • gematik
  • Other standards

Our team of specialized penetration testers and IT security consultants supports you in fulfilling legal and regulatory requirements in terms of IT security.


Better safe than sorry: security by design & by default

Security by Design: Early integration of IT security

When setting up and expanding digital infrastructures, two principles are crucial: security by design and security by default. This is all the more true in healthcare, where sensitive patient data must be protected on the one hand and patient care must be maintained on the other.

With the shift-left approach, IT security is integrated into development as early as possible in order to achieve security by design.

IT security is an important element in protecting human life.

The principle of "security by design" means taking security into account from the very start of developing digital applications and structures, rather than only checking it afterwards. In terms of the shift-left approach, IT security should be placed as far "to the left" as possible on the development timeline.

If you are at the beginning of a digital development process, don't put off the topic of IT security: talk to us right away!

In a non-binding introductory meeting, we will then clarify how we can best support you in matters of IT security.

Security by Default: Secure by default

If WLAN routers were still delivered without password protection enabled, as they were in the early days, there would probably be vast numbers of unprotected WLAN networks in German private households, and probably in pharmacies and doctors' surgeries as well.

If you connect a new router today, it usually has a passphrase printed on the underside, and your network is protected with it from the outset, i.e. "by default". You have to actively switch this protection off if you really don't want to use it.

All applications and components should follow this "security by default" principle, especially in the area of critical infrastructures. If this is not the case somewhere in your network, our penetration test is the best way to uncover these vulnerabilities so that they can then be fixed.

DiGA: Penetration test is mandatory in the fast-track procedure at the BfArM

Manufacturers of reimbursable digital health applications (DiGA) have to go through the fast-track procedure at the BfArM in order to be included in the corresponding directory. Since 1 April 2022, a penetration test has been one of the mandatory requirements for this procedure.

With a penetration test by ProSec you play it safe with your DiGA!

In our Mobile Application Penetration Testing, our ethical hackers examine your app from an attacker's perspective to find potential vulnerabilities and security gaps. The test covers both static aspects (e.g. forgotten credentials in the source code) and dynamic aspects (e.g. communication with the API). The possibility of physical theft of the mobile device is also taken into account.

You can find more information about our holistic Mobile Application Penetration Testing in our full collection. Feel free to contact us for a non-binding introductory meeting!

E-prescription makes IT security relevant for pharmacies

The digitization of the healthcare system also includes pharmacies: topics such as WhatsApp communication, connections to MVZs (medical care centres) and hospitals, and in particular the introduction of e-prescriptions are increasingly bringing IT security into focus. These modernization processes stand in contrast to outdated technical components such as fax machines and FritzBox WLAN networks, which are often neither set up nor maintained professionally.

In short: when it comes to "security by design", there is still room for improvement in many pharmacy networks.

In Germany, ProSec is a pioneer in penetration testing that is specially adapted to the needs of pharmacies.

Our customers include numerous pharmacies whose IT security we have already been able to modernize and expand with our expertise and experience. We start from your current status and work with you to make your pharmacy fit to withstand cyber attacks. Of course, we also bring your external service providers on board.

Our co-founder Immanuel Bär explains everything you need to know about IT security in pharmacies as an expert at specialist events such as expopharm and the PZ Management Congress, as well as in podcasts such as the Apo chat. Our entire team attaches great importance to conveying our deep specialist knowledge in a way that our counterparts can put to use in practice.

Would you like to have the IT of your pharmacy "examined" by experts to ensure the protection of sensitive customer data and your digital infrastructure? Then feel free to contact us for a non-binding introductory meeting!


Use of KHZG and KHZF requires investment in IT security

With the Hospital Future Fund (KHZF), the federal and state governments are providing a funding volume of up to 4.3 billion euros for the expansion of digitization in hospitals. Anyone who wants to receive funding from this pot must also invest in IT security. This makes sense: alongside all the convenience and efficiency gains that digitization brings, the growing attack surface has to be taken into account at the same time.

Penetration tests are an important tool for securing digital infrastructures. During these tests, our ethical hackers (penetration testers) look for weaknesses and security gaps in your network just as real attackers would. They then help you to resolve these so-called findings efficiently.

At a glance:

You've come to the right place if you...

  • are responsible for IT infrastructures in the health sector and want to make them secure in the long term in the interest of patient care
  • need a penetration test for your DiGA for the fast-track procedure at the BfArM
  • run a pharmacy or are responsible for its IT and want to make it fit for e-prescriptions and the like in terms of security
  • want to use KHZG and KHZF funding and invest in IT security in the form of a penetration test
  • are looking for a specialized, experienced and trusted partner to support you in setting up and expanding your IT security