Hackers may target hospitals, according to BSI's expectations
In a recent statement, Arne Schönbohm, President of the German Federal Office for Information Security (BSI), has expressed concern about the IT security of critical infrastructures in Germany. The focus of his concern is the Microsoft Exchange Server vulnerability, which continues to pose a risk to numerous companies that have yet to address the issue.
Over the past two years, Schönbohm has been critical of German companies for being insufficiently quick to patch cybersecurity vulnerabilities. This criticism extends across sectors, including healthcare institutions required by the NIS-2 directive to implement adequate cybersecurity measures and promptly respond to incidents.
The Microsoft Exchange Server vulnerability, which came to light earlier this year, has affected a substantial number of servers in Germany. Two weeks ago, it was reported that a significant number of servers (4,000) were still affected, following an initial impact of 65,000 servers.
This vulnerability poses a significant risk to companies in Germany, as many are still unprotected. The poor patching behavior in some German companies contributes to their slow closure of known security gaps related to the Microsoft Exchange Server vulnerability.
Schönbohm points to several major cyber attacks in recent years, including the Lukaskrankenhaus in Neuss in 2016, hospitals in Rhineland-Palatinate and Saarland in 2019, and the University Clinic in Düsseldorf in 2020, as evidence of the potential consequences of such vulnerabilities. He warns of potential attacks on other companies in Germany.
The Microsoft Exchange Server vulnerability is one of the concerns that Schönbohm has expressed about the IT security of critical infrastructures in Germany. He further emphasizes that the rapid shift to home office due to the pandemic has left many systems vulnerable, making companies even more susceptible to cyber attacks.
Schönbohm also criticized that hackers are often given too easy a time, highlighting the need for timely patching of known security gaps in German companies. The Microsoft Exchange Server vulnerability, he believes, underscores this need.
In conclusion, Schönbohm's warnings serve as a call to action for German companies to prioritize cybersecurity and address vulnerabilities promptly to protect their systems and data from potential attacks.
