BfArM requirements met by ProSec penetration test


BfArM & Co.: Shaping the digitalization of healthcare safely

An inherent desire of healthcare is to preserve and maintain life. So it is not surprising that the letter and the fax have been "kept alive" here to this day. But at the latest, the bottleneck of fax machines in public health offices during the COVID-19 pandemic showed how important the rapid expansion of digitization in healthcare is.

A lot is currently happening in Germany in this area:

  • Funding through the Hospital Futures Act (KHZG)
  • Introduction of the electronic patient record (ePA)
  • E-prescription
  • Digital Health Applications (DiGA)

These developments are desirable in terms of patient orientation. However, it is important:

If you want to digitize, you have to think about IT security.

Numerous laws, standards and organizations are intended to ensure the establishment of sustainable and secure digitization in the healthcare sector:

  • The IT Security Act 2.0
  • The Federal Institute for Drugs and Medical Devices (BfArM) with specifications for IT security
  • Mandatory criteria for funding from the Hospital Future Fund (KHZF)
  • Gematik
  • Other standards

Our team of specialized penetration testers and IT security consultants supports you in meeting legal and regulatory requirements in IT security.


Better safe than sorry: Security by Design & by Default

Security by Design: Early Integration of IT Security

When building and expanding digital infrastructures, two principles are crucial: security by design and security by default. This applies all the more in the healthcare sector, where, on one hand, sensitive patient data is at stake and on the other hand, the maintenance of patient care is vital.
Figure: Shift Left vs Traditional. In the shift-left approach, the topic of IT security is integrated as early as possible in the development process to ensure security by design.

IT security is an important component in the protection of human life.

The principle of "security by design" is about taking the security aspect into account as early as the development stage of digital applications and structures (rather than checking it at a later stage). In line with the shift-left approach, the topic of IT security should be integrated as far "left" as possible in the development timeline.

If you are just at the beginning of a digital development process, don't put off the topic of IT security and talk to us right away!

Then we will clarify in a non-binding meeting how we can best support you in terms of IT security.

Security by Default: Secure by default

If WLAN routers were still supplied without activated password protection by default, as they were in the early days, there would probably be vast numbers of unprotected WLAN networks in German private households - and presumably in pharmacies and doctors' surgeries as well.

When you connect a new router today, it usually has a passphrase written on the bottom that protects your network by default. You have to actively switch off this security component if you really do not want to use it.

This "security by default" principle should be followed by all applications and components, especially in the area of critical infrastructures. If this is not the case in some places in your network, our penetration test is the best way to uncover these vulnerabilities and then fix them.

DiGA: Penetration test is mandatory in fast-track procedure at BfArM

Manufacturers of reimbursable digital health applications (DiGA) must go through the fast-track procedure at the BfArM in order to be included in the corresponding directory. Since 01.04.2022, a penetration test is one of the mandatory requirements for this procedure.

Play it safe with a penetration test from ProSec for your DiGA!

In our mobile application penetration testing, our ethical hackers use your app with an attacker's eye to find potential vulnerabilities and security holes. This covers both static aspects (for example, forgotten credentials in the source code) and dynamic aspects (for example, communication with the API). The possibility of physical theft of the mobile device is also taken into account.

You can find more information about our holistic mobile application penetration testing here. Feel free to contact us for a non-binding get-to-know conversation!

E-prescription makes IT security relevant for pharmacies

The digitalization of healthcare also includes pharmacies: topics such as WhatsApp communication, connections to MVZs and hospitals, and especially the introduction of the e-prescription are increasingly bringing IT security into focus. These modernization processes meet outdated technical components such as fax devices and FritzBox WLAN networks, which are often neither professionally set up nor maintained.

In short, many pharmacy networks still have room for improvement when it comes to security by design.

ProSec is a pioneer in Germany in penetration testing specifically adapted to the needs of pharmacies.

Our customers include numerous pharmacies whose IT security we have already been able to modernize and expand with our expertise and experience. We meet you at your current level and, together with you, make your pharmacy fit for the fight against cyber attacks. Of course, we also bring external service providers on board.

Our Co-Founder Immanuel Bär explains everything worth knowing about IT security in pharmacies as a speaker in lectures and as an expert in professional articles. Our entire team cares a lot about communicating our deep expertise in a way that our counterparts can put to practical use.

Would you like to have your pharmacy's IT "checked" by experts to ensure the protection of sensitive customer data and your digital infrastructure? Then contact us for a no-obligation meeting to get to know each other!


Use of KHZG and KHZF requires investment in IT security

With the Hospital Future Fund (KHZF), the federal and state governments are providing a funding volume of up to 4.3 billion euros for the expansion of digitization in hospitals. Anyone who wants to receive support from this fund must also invest in IT security. This makes sense: for all the convenience and efficiency gains that digitization brings, it also widens the attack surface, and that has to be accounted for.

Penetration tests are an important tool in securing digital infrastructures. In these tests, our ethical hackers (penetration testers) search for vulnerabilities and security holes in your network just like real attackers. They then support you in efficiently remediating these so-called findings.

At a glance:

With us you are at the right address if you...

  • are responsible for IT infrastructures in the healthcare sector and would like to make them sustainably secure in terms of patient care.
  • need a penetration test for your DiGA for the BfArM fast-track procedure.
  • run a pharmacy or are responsible for its IT and want to make it fit for e-prescription and the like in terms of security.
  • want to use KHZG and KHZF and invest in IT security for this purpose by means of a penetration test.
  • are looking for specialized, experienced and trustworthy partners to support you in setting up and expanding your IT security.