To increase efficiency and improve collaboration, the healthcare sector is increasingly turning to digitalization, and many systems are being moved to the cloud. However, processing sensitive personal and health data demands particularly robust IT security. Otherwise a healthcare organization risks disruption of its business processes, information leakage, extortion, reputational damage and, in one in seven cases, the health and safety of its patients.

Information security specialists for the healthcare sector

Redguard's specialized Digital Health Consultant team consists of information security specialists from various areas of the healthcare sector. They include former IT managers from medium-sized hospitals, platform developers, application managers and medical specialists. Our security experts also hold recognized security certifications such as CISA, CISSP and CISM, complemented by IHE (healthcare interoperability) expertise.

Extensive knowledge and many years of experience ensure that our team understands the healthcare sector from an organizational, technical and cultural perspective.

Familiar with the challenges of the healthcare industry - security & data protection

Thanks to our industry specialists, we understand the challenges of the healthcare sector and can support you pragmatically and holistically.

Selected references in the healthcare sector

Popular with our customers

Assessment

Structured determination of the organization's current information security situation. Analysis and identification of potential for improvement and derivation of concrete measures to achieve this, including prioritization.

Security Awareness

Security awareness training is a particular challenge in the healthcare sector, because different professional groups working in multi-shift operations must be reached in a way that suits each target group and fits into their daily work. Together with our partner, we offer e-learning courses optimized for mobile devices and complement them with additional measures (e.g. live hacking, workshops, cardboard displays, posters, handouts, quiz books, screensavers).

MedTech Security / Penetration Test

Security of medical devices: sensitive data and high regulatory requirements set the bar high. Because they combine hardware and software, many devices are highly complex. Integrating devices into the IT infrastructure increases efficiency but can also create new vulnerabilities, and applying necessary security updates is a challenge in the day-to-day operations of healthcare providers. All good reasons to entrust only experts with advising on your security architecture or with penetration testing your devices.

Cyber Emergency (Business Continuity & Incident Management)

Healthcare facilities in particular should be prepared for a cyber emergency so that they can respond quickly and effectively. Business continuity management (BCM) and incident playbooks provide the ideal basis for this preparation. In an acute cyber emergency, our experts provide the right support to keep the damage to a minimum and get you back to day-to-day business as quickly as possible.

Data protection

Data protection is of central importance in the healthcare sector, because its systems store a great deal of personally identifiable and sensitive medical information. We support you in balancing the best possible protection of personal and health data with the requirement that only authorized persons can access the data and that it is available at all times, especially in emergencies.

CISO Mandate / CISO as a Service

If you have more cyber security work than capacity, our experienced experts can step in as (Chief) Information Security Officers on a mandate basis. They can take on individual projects or serve as an interim solution until you have found your own CISO. The mandated CISO can also call on other Redguard specialists for targeted support.

Cloud Security

We support you in the challenge of reconciling the enormous potential of cloud providers, automated business processes and networked medical devices with the requirements of data protection and data security. We also review the security configuration of your cloud platforms and support you in developing your cloud security governance.

For all levels of the healthcare sector

With our extensive industry experience, we advise at all levels of the healthcare sector:

1. At federal level, we helped to define the security regulations relevant to the healthcare sector.

2. At the level of industry and professional associations, we helped to translate those requirements into guidelines that give individual healthcare facilities guidance on how to comply with the legal requirements and implement them efficiently.

In addition, we supported the development of a reference management system for data protection and data security for the electronic patient record (EPD), a data protection concept and implementation aids. We also developed minimum requirements for IT baseline protection (cyber security and data protection) as well as a concept for connecting mobile devices to the EPD, and we offer holistic support as a CISO on a mandate basis.

3. We are also active at the level of healthcare providers in various areas:

  • Healthcare facilities of various sizes and orientations, such as clinics, specialist hospitals, retirement and nursing homes and outpatient primary care providers: implementation of general and facility-specific requirements by means of vulnerability scans, penetration tests, security awareness training and workshops, live hacking, simulated phishing, a concept for introducing a data protection management system (DSDS), holistic support as CISO on a mandate basis, site assessments and internal information security audits.
  • Medical software: Security architecture consulting, checking the software for vulnerabilities using penetration tests, etc.
  • Health insurance: Security awareness campaigns and live hacking, penetration tests and attack simulations, container security and Kubernetes security, security concepts, risk management and supplier security management, e-learning cyber security & secure development, physical security checks.
  • Manufacturer of medical devices (MedTech): Cyber security assessment, testing of medical devices taking into account legal and normative requirements.

Further successful projects and references

Our references include, among others:

  • Collaboration on the implementation aid for data protection and data security from eHealth Suisse
  • Development of the Minimum requirements for IT baseline protection of the FMH
  • Supporting a small hospital in fulfilling the data protection and data security requirements
  • Conducting sensitization in medical centres
  • Conducting an information security site assessment at a medical device manufacturer

Further references and success stories from the healthcare sector can be found on our references page.

Our offers according to organization size

Smaller healthcare organizations

Smaller organizations in particular have little personnel and financial capacity to take a holistic approach to cyber security. We therefore offer an attractive package for organizations with up to 50 employees. For CHF 4,950.00 you receive:

Digital Health Starter Package

  • Assessment of the organization's current information security situation
  • Vulnerability scan of all the organization's systems available externally via the Internet
  • Report with the vulnerabilities discovered and a prioritized recommendation on how to address them

To raise your employees' security awareness and reduce the likelihood of a successful ransomware attack delivered via phishing, we recommend, for 25 or more employees, adding access to a combined phishing and e-learning platform to the starter package.

Medium-sized healthcare organizations

Because their IT is more complex and they have a defined cyber security budget, medium-sized organizations have often already looked at the topic more closely. For these organizations we offer individual services, in particular:

  • Conducting a phishing simulation to test whether your employees would fall for a phishing email. Alternatively: access to a combined phishing and e-learning platform to raise employees' security awareness and reduce the likelihood of a successful ransomware attack via phishing (success story mediX nordwest)
  • Automated vulnerability scan of all the organization's systems reachable from the Internet
  • Penetration testing of internal systems, combining automated scans with a test expert, to determine how exposed the systems are if, for example, an attacker has taken over an employee's notebook
  • Consulting in the area of data protection (success stories pharmaSuisse and eSanita)
  • Temporarily taking over the security management role, or supporting your existing security officer (CISOaaS), in establishing or further developing information security management

Large healthcare organizations

In addition to the services mentioned above, we are happy to offer larger healthcare organizations further support in order to complement their human resources and specialist know-how with our expertise in handling healthcare data in the best possible way.

For example, the "Chief Information Security Officer as a Service" (CISOaaS) offering can be expanded:

Chief Information Security Officer as a Service (CISOaaS)

  • Contact point and expert advice for all questions relating to information security
  • Development and maintenance of an information security management system (ISMS)
  • Development of security guidelines and submission of implementation recommendations
  • Interdisciplinary collaboration with all stakeholders within the organization
  • Leading risk management and risk analysis
  • Conception, preparation and implementation of training and awareness-raising measures (success story mediX nordwest)
  • Conducting internal and external IT security audits
  • Assistance and support in the procurement/evaluation of IT applications, systems and services
  • Support in the handling of security incidents
  • Access to a combined phishing and e-learning platform. This lets you train employees efficiently in a way adapted to their everyday work and test them with phishing simulations, improving their ability to recognize phishing and reducing the chance of a successful ransomware attack via phishing emails

Are you looking for security experts with experience and know-how in the healthcare sector? Making digital health secure is one of our main focuses. Contact us without obligation if you have any questions or need support.

Digital Health Blogposts

Cyber Security in Occupational Pension Provision – What Pension Funds Need to Know Now Sep 18, 2024

The information security requirements for pension funds are anything but simple. Differing regulations cause confusion and raise questions: which reporting obligations apply, and what does the future of cyber security in the sector look like? Dominique Meier and Anja Aellen provide valuable insights and show how a structured information security management system (ISMS) can help bring order to the chaos. Read on to be well prepared!

Read full post

Saving Lives with Incident Management in Healthcare Sep 7, 2023

Any company can fall victim to a cyber attack. Healthcare, however, is a particularly attractive target, because outages can have devastating consequences, up to and including the death of patients and residents. Alongside the associated reputational damage, the financial impact of cyber attacks should not be underestimated. Find out here why cyber incidents occur in healthcare and how you can counter them with incident response management, including compact fact sheets on optimal preparation for a cyber incident and immediate measures in an emergency.

Read full post

Cyber Security Tackled from Several Sides May 9, 2023

The cancer screening association ADC BEJUNE, based in Delémont, aims to promote, organize, manage and run cancer screening programs in the cantons of Jura, Neuchâtel and Bern. In doing so, it collects and processes particularly sensitive personal data every day. Cyber resilience is therefore a central element of the association's strategy. Through its collaboration with Redguard, current weaknesses in the IT architecture with respect to information security and data protection were identified and initial countermeasures evaluated. Because the association processes particularly sensitive personal data, it was also essential to raise employees' awareness of information security. Across the whole project we were thus able to address technology, organization and people. This holistic approach is important to ensure adequate protection against cyber threats.

Read full post

Awareness for Medical Professionals: Phishing, Live Hacking and Webinars Apr 25, 2023

Medical data is particularly sensitive data, which is why it is a popular prize for cyber criminals. Both patients and medical practices can suffer harm as a result. mediX nordwest – the physician network of north-western Switzerland – wants to prevent such incidents and brought in Redguard as a specialist in cyber security for healthcare. Together we developed an awareness campaign aimed at medical practice assistants and practice owners. Read how we designed the campaign and measured its success.

Read full post

Electronic Patient Record (EPD): Feasible Even for Small Hospitals Nov 2, 2022

Healthcare is going digital – and changing. One important driver is the electronic patient record (EPD). The specialist hospital Sune-Egge faced the challenge of connecting to the EPD. We were able to accompany this project thanks to our combined expertise in information security and healthcare. Read how we achieved the connection to a certified EPD core community – pragmatically and effectively.

Read full post

Data Protection and Data Security – Basic Prerequisite for the Electronic Patient Record (EPD) Jul 22, 2021

Healthcare is currently undergoing major change. Processes are being digitalized, systems and medical devices are being networked, and the electronic patient record (EPD) will shortly provide a standardized exchange between healthcare providers and patients as well as cross-organizational storage of digital health data. At the same time, cyber attacks on organizations connected with healthcare are increasing sharply. The Covid-19 pandemic has also demonstrated impressively how important a well-functioning healthcare system is and what impact the digitalization of healthcare and eHealth projects have, or could have, on mastering these challenges.

Read full post

Data Protection with a System – Using a Data Protection Concept Jun 1, 2021

In recent years, data protection has gained increasing importance in the corporate world, not least with the introduction of the EU General Data Protection Regulation (GDPR). After a two-year transition period, the GDPR became applicable in 2018 and from then on represented a financial and, above all, a reputational risk for companies that failed to meet its requirements despite being subject to it. Data protection is also an important topic in Switzerland and for the Swiss pharmacists' association pharmaSuisse.

Read full post