Cyberangriffe auf Kliniken: Patientengefährdung, rechtliche Pflichten und ethische Herausforderungen
摘要
Cyberattacks on hospitals directly threaten continuity of care and patient safety. This article synthesizes the empirical evidence on cyber incidents in healthcare and maps core legal obligations, in particular under the German IT Security Act and the associated ordinance regarding critical infrastructure (BSIG/BSI-KritisV), § 75c of the Fifth Book of the German Social Code (SGB V), and the EU General Data Protection Regulation (GDPR).
ArgumentsThe article examines liability with a focus on objective breach of duty, the causal nexus between inadequate cybersecurity and patient harm, and legal attribution. From a governance angle, anticipated expert standards (B3S/ISMS, “state of the art”) are analyzed as instruments to operationalize and concretize the duty of care for hospital operators and management. The ethical analysis consolidates core dilemmas—especially ransom payments and resource allocation trade-offs between cybersecurity and immediate clinical care—using the frameworks of principlism and an ethics of responsibility.
ConclusionCybersecurity is patient safety. Preventive documentation, risk-adequate technical and organizational safeguards, and rehearsed contingency procedures are not only legal requirements but also ethical imperatives. The article concludes with concise recommendations for hospital owners, supervisory bodies, and ethics boards on how to strengthen digital resilience without compromising the core mandate of patient care.