SC144: Information Security in Hospitals Sector-Specific Security Standard (B3S)

Training: Security

Participants learn about the current version of the industry-specific security standard (B3S) for hospitals. The course provides practical guidance on how to plan and implement measures to systematically strengthen IT and information security. It covers the requirements of § 8a of the BSI™ Act as well as concrete steps to meet the industry-specific regulations.

Presence training Presence training

Start: 2025-11-24 | 10:00 am

End: 2025-11-24 | 06:00 pm

Location: Nürnberg

Price: 600,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-04-20 | 10:00 am

End: 2026-04-20 | 06:00 pm

Location: Nürnberg

Price: 600,00 € plus VAT.

Presence training Presence training

Start: 2026-11-23 | 10:00 am

End: 2026-11-23 | 06:00 pm

Location: Nürnberg

Price: 600,00 € plus VAT.

Request prefered appointment period:

* All fields marked with an asterisk are mandatory fields.

Agenda:

  • Introduction round, expectation alignment, organizational matters

  • Introduction and basic knowledge
    • Information security fundamentals
    • Management systems (process-oriented, risk-based approach and continuous improvement)

  • Underlying laws, regulations, standards and industry standards
    • BSIG
    • BSI™-KritisV
    • SGB V
    • B3S based on ISO 27001, DIN EN 80001-1 and DIN 13080

  • The B3S "Medical Care"
    • Formal / General / Methodology / References
    • ISMS context
    • Management structure
    • Basic measures
    • Inventory, risk assessment and conception
    • Implementation of measures
    • Project-accompanying training, education and awareness
    • Continuous evaluation of effectiveness

  • Project with the objective "B3S compliance"
    • Guidelines of the DKG e.V.
    • Project team
    • Project manager
    • Reporting paths
    • Additional resources

Objectives:

Participants of the course SC144 Information Security in Hospitals Sector-Specific Security Standard (B3S) will acquire knowledge on

  • the legal and normative foundations related to information security,
  • the requirements that B3S imposes on hospitals,
  • what an Information Security Management System (ISMS) is, and
  • how to set up a project with the goal of achieving B3S compliance in hospitals.

Target audience:

  • IT Managers in Hospitals
  • Quality Management Officers in Hospitals
  • Information Security Officers
  • Employees Supporting the Implementation of B3S

Prerequisites:

General knowledge of information security management and quality management is helpful.

Description:

To better protect clinics from cyberattacks, the German Hospital Federation provides an industry-specific security standard (B3S) in accordance with § 8a BSI™ Act. The B3S outlines sensible and necessary measures to protect processes and systems in hospitals to enhance IT and information security.

In the course SC144 Information Security in Hospitals Industry-Specific Security Standard (B3S), the latest version of the B3S for hospitals is presented, demonstrating how you can plan and implement the required measures accordingly.

Other Info:

General Threat Landscape
The increasing digitalization in hospitals brings many opportunities to improve patient care and simplify the communication and documentation of information. However, the intensified use of digital technology also increases the risk of falling victim to cyberattacks. Cybercriminals quickly adapt to societal emergencies and exploit them for their purposes. Hardly any hacker attack is as effective for extortionists as one on a hospital. Because patients' lives are directly threatened, the willingness to comply with demands is higher than in other sectors.
check-icon

Guaranteed implementation:

from 2 Attendees

Booking information

Price:

600,00 € plus VAT.

(including lunch & drinks)

Authorized training partner

NetApp Partner Authorized Learning
Commvault Training Partner
CQI | IRCA Approved Training Partner
Veeam Authorized Education Center
Acronis Authorized Training Center
AWS Partner Select Tier Training
ISACA Accredited Partner
iSAQB
CompTIA Authorized Partner
EC-Council Accredited Training Center

Memberships

Allianz für Cyber-Sicherheit
TeleTrust Pioneers in IT security
Bundesverband der IT-Sachverständigen und Gutachter e.V.
Bundesverband mittelständische Wirtschaft (BVMW)
Allianz für Sicherheit in der Wirtschaft
NIK - Netzwerk der Digitalwirtschaft
BVSW
Bayern Innovativ
KH-iT
CAST
IHK Nürnberg für Mittelfranken
eato e.V.
Sicherheitsnetzwerk München e.V.