Fresenius is the largest clinic operator in Europe and treats most dialysis patients worldwide. As such, it bears a great responsibility: Not only does it have to protect sensitive personal data, it also ensures the seamless production of medical products. At the same time, as the world becomes increasingly digitized and networked, the risk of cyber-attacks is also growing.
This is where Fresenius’s Group Cybersecurity Office (GCSO) comes into play: By identifying risks, deriving suitable protective measures as well as implementing and controlling them, we help to protect sensitive data, critical infrastructure and the manufacturing of our products.
Identifying and averting risks is an important part of GCSO’s tasks. Hereby, working together as a team of Cyber Experts across all Segments is essential. Together we are developing and establishing a Cybersecurity Baseline to protect against these risks. Cybersecurity is by no means a purely technical issue, but above all one of corporate culture and risk awareness: The first line of defense against cyber-attacks are the people who work here. That’s why we support all teams that deal with cybersecurity at Fresenius, primarily by establishing and implementing appropriate training measures. Our work is therefore also based on an in-depth understanding of Fresenius’ value chain to ensure that its digital backbone is adequately protected.
At the same time, we use state-of-the-art techniques and tools to identify threats in good time and react as quickly as possible should incidents occur. Our specialists coordinate and accompany the required measures in the event of an attack. Proactive security analyses – in other words searching for threats and loopholes – help to guard against attacks. Digital forensics are also part of our job.
We are looking for a whole spectrum of skills: A basic technical understanding, for example in IT or data science, is certainly good. But even more important is a passion for all aspects of cybersecurity: To establish defense measures, for example, we need people who are interested in forensics and profiling; when it comes to risk management, we are looking for people who can prioritize the right investments based on risk; if you want to join our governance team, on the other hand, you should be able to set, implement and control objectives. You should also have a process-based mindset and an interest in business as well as in the meaningful work of a healthcare company. That is especially relevant if you want to work with the product safety team at Fresenius on defining architectures to protect production sites, hospitals and medical equipment.
The GCSO analyzes all areas of the company and identifies the specific cyber risks for each segment – such as the threat of attacks on production, patient data or intellectual property. Based on this, we continuously develop our security measures and plan investments.
We help to protect the value chain by means of comprehensive requirements, security architectures and concepts. We search for hackers and use threat intelligence and simulations to examine the need to enhance our processes and technologies.
The aim of our Cybersecurity Training & Awareness Program (CTAP) is to raise awareness among all employees of cyber threats and attacks. To this end, we offer mandatory training as well as courses, games, videos and other learning content on cybersecurity. Here, too, we regularly work with simulations – e.g., of phishing attacks – to check the effectiveness of our training concepts.