InsightNot a question of 'if' but 'when' a ransomware attack will occur. Be well prepared with a backup strategy

Alina Mot — 28. February 2022
Reading time: 3:30 minutes

IT-SICHERHEIT - auch in Krankenhäusern als Teil Kritischer Infrastruktur wichtiger denn je

In January, the International Red Cross reported a hacker attack with data theft of over "515,000 data of vulnerable people." ( on Jan. 20, 2022) Today, the question is no longer if a cyberattack will happen, but when - and how companies and organizations are prepared.

We are repeatedly called upon by customers during ransomware attacks to recover their important assets, critical data and thus the crown jewels of any organization. With this background of experience, we prefer the approach of protecting customers through more modern technologies and security by design in the data protection environment even before an attack occurs to the extent that their data can be recovered easier, faster and with as little loss as possible in case of emergency.

Critical infrastructure - new attack point for cybercrime

With the onset of the Corona pandemic, the situation for hospitals has also become much more acute in data security: While companies were previously targets for cyber-attacks, public services, and especially critical infrastructure (CRITIS) are now also more at risk. According to a Kaspersky study, almost three-quarters (72 percent) of German companies in the healthcare sector had been affected by at least one cyber-attack since the start of the pandemic as early as May 2021.


Given the increased level of attack, the issue of cyber resilience sheds new light on the topic of digitization in the healthcare sector: investment by the healthcare sector in new technologies and systems was still at 33.3 percent in 2021. At the same time, less than half (43 percent) of the IT decision-makers surveyed consider themselves sufficiently equipped to detect and analyze cyber threats in advance.

The Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, short: BSI) attributes why the issue of cybersecurity poses new challenges for German hospitals to many digitization projects developed out of necessity in its study "The State of IT Security in Germany 2021." (BSI 2021:87)


Thus, if information security is neglected in favor of functionality and development speed, sensitive points of attack arise for entire corporate networks. In the context of digitization in healthcare, IT security has therefore counted as a key component of the Hospital Future Act (Krankenhauszukunftsgesetz, short: KHZG) promoted by the federal and state governments since 2021.


Given the high pressure under Corona in hospitals, cybercriminals have most frequently been able to gain access to sensitive data through ransomware. Ransomware allows cybercriminals to deny access to proprietary data in order to demand a ransom.


However, the better data is already secured at the time of the event, the less vulnerable the organization is to blackmail. This not only weakens cybercrime at its points of attack, but in particular strengthens the affected organization, which can move more independently under such pressure by recovering its data itself.

Take precautions before a crisis occurs: Backup strategy and disaster recovery plan

Defense strategies to avoid or close security gaps are undisputedly a supreme discipline in data security. However, it is irretrievable if the backup is damaged in an emergency, or infected by ransomware. Our work therefore begins long before the crisis occurs.


Based on a backup strategy and a disaster recovery plan, an organization is prepared for any emergency situation in terms of organization, personnel, but especially in terms of protecting its data. We ask our customers:

  • Do you have a disaster recovery plan?

  • How long and what data can you recover?

  • Have you already tested the plan?

Once an attack has occurred, this preparation cannot be made up. Therefore, especially for hospitals, very stable products and a proven strategy are important to reliably protect patient data.

Cloud? - Appropriate technologies for rapid detection

For the topic of cyber resilience as a holistic corporate strategy against cyber-attacks, the cloud is indeed a critical factor. Whether and which cloud strategy is chosen in conjunction with modern technologies - or even in a hybrid solution - must be well considered here. Our consultants can help with the decision with their know-how and decades of experience. We work with technology market leaders such as IBM, Predatar, Veeam, Rubrik or Cohesity. This makes our backup concepts pragmatic, secure and easy to implement - even in crisis-ridden infrastructures such as hospitals during a pandemic.


Being prepared for a ransomware attack means having a well thought-out and validated cyber resilience strategy. The implementation is tested and adjusted regularly, because requirements change over time. At the same time, it trains your employees to respond effectively to emergencies.

This article was published in IT-Sicherheit Spezial Krankenhäuser on 28.02.2022.