To increase efficiency and improve collaboration, the healthcare sector is also increasingly turning to digitalization. Many systems are being moved to the cloud. However, the processing of sensitive personal and health data requires particularly good IT system security. Otherwise, the healthcare company risks compromised business processes, information leakage, blackmail, reputational damage and, in one in seven cases, the health and safety of patients.

Information security specialists for the healthcare sector

Redguard's specialized Digital Health Consultant team consists of information security specialists from various areas of the healthcare sector. They include former IT managers from medium-sized hospitals, platform developers, application managers and medical specialists. Our security experts also hold recognized IT security certificates, such as CISA, CISSP, CISM and IHE.

Extensive knowledge and many years of experience ensure that our team understands the healthcare sector from an organizational, technical and cultural perspective.

Familiar with the challenges of the healthcare industry - security & data protection

Thanks to our industry specialists, we know the challenges of the healthcare sector and know how to support you pragmatically and holistically.

Selected references in the healthcare sector

Popular with our customers

Assessment

Structured determination of the organization's current information security situation. Analysis and identification of potential for improvement and derivation of concrete measures to achieve this, including prioritization.

Security Awareness

Security awareness training poses a particular challenge in the healthcare sector, as different professional groups in multi-shift operations need to be reached in a way that is appropriate for the target group and as part of their daily work. Together with our partner, we can offer you e-learning courses optimized for mobile devices and supplement them with additional measures (e.g. live hacking, workshops, cardboard displays, posters, handouts, quiz books, screensavers, etc.).

MedTech Security / Penetration Test

Security of medical devices: Sensitive data and high regulatory requirements set the bar high. Due to the combination of hardware and software, many devices are highly complex. Integrating the devices into the IT infrastructure increases efficiency, but also potentially creates new vulnerabilities. Carrying out necessary software security updates is a challenge in the day-to-day work of healthcare providers. These are all good reasons to commission only experts to advise you on your security architecture or to carry out penetration tests on your devices.

Cyber Emergency (Business Continuity & Incident Management)

Healthcare facilities in particular should be prepared for a cyber emergency so that they can respond quickly and effectively. Business continuity management (BCM) and incident playbooks provide the ideal basis for preparation. In the event of an acute cyber emergency, our experts offer the right support to keep your damage to a minimum and ensure that you can get back to your day-to-day business as quickly as possible.

Data protection

Data protection is of central importance in the healthcare sector, as systems store a lot of personally identifiable and sensitive medical information. We support you in balancing the best possible protection of personal and health data with the requirement that only authorized persons have access to the data and that it is available at all times, especially in emergencies.

CISO Mandate / CISO as a Service

If you have more work to do in the area of cyber security than you have capacity for, our experienced experts can help out as (Chief) Information Security Officers on a mandate basis. They can take on individual projects or serve as an interim solution until you have found your CISO. The CISO can also call on other Redguard specialists to provide selective support.

Cloud Security

We support you in the challenge of reconciling the enormous potential of cloud providers, automated business processes and the networking of medical devices with the requirements of data protection and data security. We also check the security configuration of your cloud platforms for you and support you in developing your cloud security governance.

For all levels of the healthcare sector

With our extensive industry experience, we advise at all levels of the healthcare sector:

1. At federal level, we helped to define the safety regulations that are relevant to the healthcare sector.

2. At the level of industry and professional associations, we helped to translate the requirements into guidelines that show individual healthcare facilities how to comply with the legal requirements and implement them efficiently.

In addition, we supported the development of a reference management system for data protection and data security for electronic patient records (EPR), a data protection concept and implementation aids. We also developed minimum requirements for IT baseline protection (cyber security and data protection) as well as a concept for connecting mobile devices to the EPR, and we offer holistic support as a CISO on a mandate basis.

3. We are also active at the level of healthcare providers in various areas:

  • Healthcare facilities of various sizes and orientations, such as clinics, specialist hospitals, retirement and nursing homes as well as outpatient primary healthcare service providers: Implementation of general and specific requirements for the respective healthcare facility by means of vulnerability scans, penetration tests, security awareness training and workshops, live hacking, simulated phishing, concept for the introduction of a data protection management system (DSDS), holistic support as CISO on a mandate basis, site assessments and internal information security audits.
  • Medical software: Security architecture consulting, checking the software for vulnerabilities using penetration tests, etc.
  • Health insurance: Security awareness campaigns and live hacking, penetration tests and attack simulations, container security and Kubernetes security, security concepts, risk management and supplier security management, e-learning cyber security & secure development, physical security checks.
  • Manufacturers of medical devices (MedTech): Cyber security assessment, testing of medical devices taking into account legal and normative requirements.

Further successful projects and references

Our references include, among others:

  • Collaboration on the implementation aid for data protection and data security from eHealth Suisse
  • Development of the minimum requirements for IT baseline protection of the FMH
  • Supporting a small hospital in fulfilling the data protection and data security requirements
  • Conducting awareness training in medical centres
  • Conducting an information security site assessment at a medical device manufacturer

Further references and success stories from the healthcare sector can be found on our references page.


Our offers according to organization size

Smaller healthcare organizations

Smaller organizations in particular have little personnel and financial capacity to take a holistic approach to cyber security. We therefore offer an attractive package for organizations with up to 50 employees. For CHF 4,950.00 you receive:


Digital Health Starter Package

  • Assessment of the organization's current information security situation
  • Vulnerability scan of all the organization's systems available externally via the Internet
  • Report with the vulnerabilities discovered and a prioritized recommendation on how to address them

To increase your employees' security awareness and minimize the probability of a successful ransomware attack via phishing, we recommend that, if you have 25 or more employees, you offer access to a combined phishing and e-learning platform in addition to the starter package.

Medium-sized healthcare organizations

Because of more complex IT and a defined budget for cyber security, medium-sized organizations have often already taken a closer look at the topic. We offer individual services for these organizations. These include in particular:

  • Conducting a phishing simulation to test whether your employees would fall for a phishing email. Alternatively: access to a combined phishing and e-learning platform to increase employees' security awareness and minimize the likelihood of a successful ransomware attack via phishing (success story medX Nordwest)
  • Automated vulnerability scan of all the organization's systems accessible from outside via the internet
  • Penetration testing of internal systems with automated scans supplemented by a test expert to determine how vulnerable the systems are if, for example, an attacker takes over a notebook
  • Consulting in the area of data protection (success stories pharmaSuisse and eSanita)
  • Temporarily taking over security management, or supporting the existing person responsible for security (CISOaaS), in establishing or further developing information security management

Large healthcare organizations

In addition to the services mentioned above, we are happy to offer larger healthcare organizations further support, complementing their staff and specialist know-how with our expertise so that healthcare data is handled in the best possible way.

For example, the services of the "Cyber Security Officer as a Service" (CISOaaS) can be intensified:

Cyber Security Officer as a Service (CISOaaS)

  • Contact point and expert advice for all questions relating to information security
  • Development and maintenance of an information security management system (ISMS)
  • Development of security guidelines and submission of implementation recommendations
  • Interdisciplinary collaboration with all stakeholders within the organization
  • Leading risk management and risk analysis
  • Conception, preparation and implementation of training and awareness-raising measures (success story medX Nordwest)
  • Conducting internal and external IT security audits
  • Assistance and support in the procurement/evaluation of IT applications, systems and services
  • Support in the handling of security incidents
  • Access to a combined phishing and e-learning platform. You can train your employees efficiently, in a way adapted to their everyday work, and test them with a phishing simulation. This improves your employees' phishing detection and minimizes the chances of success of a ransomware attack via phishing emails



Are you looking for security experts with experience and know-how in the healthcare sector? Making digital health secure is one of our main focuses. Contact us without obligation if you have any questions or need support.