Background <p>Cyberattacks on hospitals directly threaten continuity of care and patient safety. This article synthesizes the empirical evidence on cyber incidents in healthcare and maps core legal obligations, in particular under the German IT Security Act and the associated ordinance regarding critical infrastructure (BSIG/BSI-KritisV), §&#xa0;75c of the Fifth Book of the German Social Code (SGB&#xa0;V), and the EU General Data Protection Regulation (GDPR).</p> Arguments <p>The article examines liability with a&#xa0;focus on objective breach of duty, the causal nexus between inadequate cybersecurity and patient harm, and legal attribution. From a&#xa0;governance angle, anticipated expert standards (B3S/ISMS, “state of the art”) are analyzed as instruments to operationalize and concretize the duty of care for hospital operators and management. The ethical analysis consolidates core dilemmas—especially ransom payments and resource allocation trade-offs between cybersecurity and immediate clinical care—using the frameworks of principlism and an ethics of responsibility.</p> Conclusion <p>Cybersecurity is patient safety. Preventive documentation, risk-adequate technical and organizational safeguards, and rehearsed contingency procedures are not only legal requirements but also ethical imperatives. The article concludes with concise recommendations for hospital owners, supervisory bodies, and ethics boards on how to strengthen digital resilience without compromising the core mandate of patient care.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Cyberangriffe auf Kliniken: Patientengefährdung, rechtliche Pflichten und ethische Herausforderungen

  • Fabian M. Teichmann

摘要

Background

Cyberattacks on hospitals directly threaten continuity of care and patient safety. This article synthesizes the empirical evidence on cyber incidents in healthcare and maps core legal obligations, in particular under the German IT Security Act and the associated ordinance regarding critical infrastructure (BSIG/BSI-KritisV), § 75c of the Fifth Book of the German Social Code (SGB V), and the EU General Data Protection Regulation (GDPR).

Arguments

The article examines liability with a focus on objective breach of duty, the causal nexus between inadequate cybersecurity and patient harm, and legal attribution. From a governance angle, anticipated expert standards (B3S/ISMS, “state of the art”) are analyzed as instruments to operationalize and concretize the duty of care for hospital operators and management. The ethical analysis consolidates core dilemmas—especially ransom payments and resource allocation trade-offs between cybersecurity and immediate clinical care—using the frameworks of principlism and an ethics of responsibility.

Conclusion

Cybersecurity is patient safety. Preventive documentation, risk-adequate technical and organizational safeguards, and rehearsed contingency procedures are not only legal requirements but also ethical imperatives. The article concludes with concise recommendations for hospital owners, supervisory bodies, and ethics boards on how to strengthen digital resilience without compromising the core mandate of patient care.