{"id":9172,"date":"2026-07-14T14:00:44","date_gmt":"2026-07-14T14:00:44","guid":{"rendered":"https:\/\/locaterisk.com\/de\/?p=9172"},"modified":"2026-07-14T14:00:44","modified_gmt":"2026-07-14T14:00:44","slug":"cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi","status":"publish","type":"post","link":"https:\/\/locaterisk.com\/en\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/","title":{"rendered":"IT Security Policy, Section 390 of SGB V: What Medical Practices Need to Know Now"},"content":{"rendered":"<div class=\"wp-block-lr-blog-article-header-module\">\r\n    <div class=\"content\">\r\n\t\t<div class=\"headline\">\r\n\t\t\t<button class=\"to-blog-button\">Back to Blog                <a href=\"https:\/\/locaterisk.com\/en\/blog\/\"><\/a>\r\n\t\t\t<\/button>\r\n\t\t\t\t\t<\/div>\r\n        <div class=\"main-content\">\r\n\t\t\t\t\t\t<!--\r\n            <div class=\"header\">\r\n                <h6> <\/h6>\r\n            <\/div>\r\n\t\t\t\t\t\t-->\r\n            <h1 class=\"title\">IT Security Policy, Section 390 of SGB V: What Medical Practices Need to Know Now<\/h1>\r\n            <p class=\"paragraph\"><br><span class=\"lr-ai-disclosure\" style=\"display:block;margin:8px 0 28px;font-size:14px;line-height:1.4;color:#8b93a7;font-family:inherit;font-style:italic;\">This text was generated using artificial intelligence (AI).<\/span>On July 14, 2026, the Federal Office for Information Security (BSI) announced the implementation of the new IT security directive pursuant to Section 390 of SGB V. This directive establishes mandatory security standards for the protection of sensitive patient data and affects approximately 99,000 medical and psychotherapy practices as well as nearly 38,000 dental practices in Germany. The goal is to strengthen information security in private practice and increase resilience against cyberattacks.<\/p>\r\n        <\/div>\r\n    <\/div>\r\n<\/div>\r\n\r\n\r\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"400\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png\" alt=\"IT-Sicherheitsrichtlinie \u00a7 390 SGB V: Was Arztpraxen jetzt wissen m\u00fcssen\" class=\"wp-image-9142\" srcset=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png 400w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory-300x300.png 300w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory-150x150.png 150w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory-12x12.png 12w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>The Legal Framework: From Section 75b to Section 390 of SGB V<\/strong><\/h2>\n\n\n\n<p>The legal basis for the new requirements is Section 390 of Book V of the Social Code (SGB V), which replaces the previous Section 75b of SGB V pursuant to the Digital Act (DigiG) of March 22, 2024. The specific requirements are established by the National Association of Statutory Health Insurance Physicians (KBV) and the National Association of Statutory Health Insurance Dentists (KZBV) in consultation with the Federal Office for Information Security (BSI). This collaboration ensures that the measures reflect the current state of the art and the threat landscape. To ensure long-term effectiveness, the guideline is reviewed annually and updated every two years.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Key Requirements of the Directive in Detail<\/strong><\/h2>\n\n\n\n<p>The directive requires all medical practices to adopt a structured approach to IT security. The requirements are tiered according to practice size but include mandatory technical and organizational measures for all:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Awareness-raising and training:<\/strong> All employees must be regularly informed about security risks and common attack methods.<\/li>\n\n\n\n<li><strong>Structured Onboarding:<\/strong> New team members must receive targeted training on the IT systems and the secure handling of patient data.<\/li>\n\n\n\n<li><strong>Personal login credentials:<\/strong> Each user needs their own account to track access and manage permissions effectively.<\/li>\n\n\n\n<li><strong>Patch and Change Management:<\/strong> Operating systems and applications must be kept up to date through regular updates to address known vulnerabilities.<\/li>\n\n\n\n<li><strong>Securing Endpoints:<\/strong> All devices that access practice data (PCs, laptops, mobile devices) must be adequately protected.<\/li>\n\n\n\n<li><strong>Evaluation of Cloud Services:<\/strong> The use of external service providers and cloud applications must be evaluated, and the terms of the collaboration must be set forth in a contract.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Mandatory Deadlines and Obligations to Provide Evidence<\/strong><\/h2>\n\n\n\n<p>The implementation deadlines for the directive are already in effect. Medical practices must be able to demonstrate compliance with the requirements:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Medical and Psychotherapy Practices (KBV):<\/strong> The requirements have been mandatory since October 1, 2025.<\/li>\n\n\n\n<li><strong>Dental Practices (KZBV):<\/strong> Implementation has been mandatory since January 2, 2026.<\/li>\n<\/ul>\n\n\n\n<p>In the event of a security incident, medical practices are required\u2014in addition to complying with the IT security policy under Article 33 of the GDPR\u2014to report data breaches to the competent data protection supervisory authority within 72 hours. The IT security policy and the data protection reporting obligations are thus directly interlinked.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Demonstrate compliance with Section 390 of SGB V using LocateRisk<\/strong><\/h2>\n\n\n\n<p>Implementing the IT security policy requires a thorough understanding of one\u2019s own IT infrastructure and the external service providers used. LocateRisk helps medical practices and their IT partners achieve the transparency needed to demonstrate compliance.<\/p>\n\n\n\n<p>The platform provides a continuous inventory of all externally accessible IT systems\u2014including forgotten subdomains, unmanaged cloud assets, and shadow IT that can arise in day-to-day operations. This overview forms the basis for effective patch management and serves as evidence for audits in accordance with the guideline. The Vendor Risk Management (VRM) module also enables the systematic review of cloud providers and other IT service providers, as explicitly required by the directive. This allows practices to provide verifiable evidence that their partners also meet the required security standards.<\/p>\n\n\n\n<p>As a \u201eMade in Germany\u201c solution, LocateRisk is operated in German data centers by ISO 27001-certified partners. Hosting in Germany helps medical practices meet data residency requirements and reduce the risk of data access by non-European authorities.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Sources and further information<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>BSI (July 14, 2026):<\/strong> <a href=\"https:\/\/www.bsi.bund.de\/DE\/Service-Navi\/Presse\/Pressemitteilungen\/Presse2026\/260714_Cyberangriffe_auf_Praxen.html\" target=\"_blank\" rel=\"noreferrer noopener\">Press Release on Cyberattacks on Medical Practices<\/a><\/li>\n\n\n\n<li><strong>Federal Ministry of Justice:<\/strong> <a href=\"https:\/\/www.gesetze-im-internet.de\/sgb_5\/__390.html\" target=\"_blank\" rel=\"noreferrer noopener\">Text of the Law, Section 390 of SGB V<\/a><\/li>\n\n\n\n<li><strong>KBV:<\/strong> <a href=\"https:\/\/www.kbv.de\/documents\/infothek\/rechtsquellen\/bekanntmachungen\/richtlinien\/IT-Sicherheitsrichtlinie_390_KBV.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">IT Security Policy of the National Association of Statutory Health Insurance Physicians (PDF)<\/a><\/li>\n\n\n\n<li><strong>BSI:<\/strong> <a href=\"https:\/\/www.bsi.bund.de\/DE\/Themen\/Unternehmen-und-Organisationen\/Standards-und-Zertifizierung\/E-Health\/Hinweise-IT-Sicherheitsrichtlinie-SGB\/Hinweise_IT-Sicherheitsrichtlinie-SGB.html\" target=\"_blank\" rel=\"noreferrer noopener\">Guidelines on the IT Security Policy in Accordance with SGB V<\/a><\/li>\n<\/ul>\n\n\n\n<p>\u2014<\/p>\n\n\n\n<p><strong>A note on our own behalf:<\/strong> This article reflects the legal situation as of the date of publication. Since IT law and compliance requirements are highly complex, this text is intended solely as a general guide and does not constitute legally binding advice. If in doubt, we recommend seeking legal counsel regarding implementation within your company. We assume no liability for the content.<\/p>\n\n\n\n<div class=\"wp-block-lr-faq-module\"><div class=\"content\"><h3><strong>Frequently asked questions<\/strong><\/h3><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>To whom does the IT security policy under Section 390 of SGB V apply?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">The directive is binding on all medical and dental practices in Germany that participate in the statutory health insurance system. This includes approximately 99,000 medical and psychotherapy practices, as well as nearly 38,000 dental practices.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>What deadlines must medical practices observe?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">The implementation deadlines have already passed. The guideline has been in effect since October 1, 2025, for the KBV sector, and since January 2, 2026, for the KZBV sector. Proof of implementation is required.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>What are the most important new requirements?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">Key requirements include regular employee training, systematic patch management, securing end devices, the use of individual login credentials, and the review and contractual regulation of cloud services. The requirements are tiered according to the size of the practice.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>What happens if the rules are not followed?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">In addition to the data protection implications under the GDPR, Article 33 of the GDPR requires that a data breach be reported to the competent supervisory authority within 72 hours. Medical practices should therefore be able to fully document their compliance with these requirements.<\/p><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-lr-contact-post-module\">\n\t<div id=\"lr-contact-form\" class=\"wp-block-lr-contact-post-module\">\n\t\t<div id=\"formular\" class=\"content\">\n\t\t\t<div class=\"inner-content\">\n\t\t\t\t<div class=\"column-2 feature-mode\">\n\t\t\t\t\t<h2><br>Request your personal Live-Demo now<\/h2>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<p class=\"margin-b-36\">Identify and reduce your cyber risks through a comparable and understandable overview of your IT security. Let our experts advise you and find out how LocateRisk can help you solve your cyber risks.<\/p>\n\t\t\t\t\t\t\t<\/div>\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div> \n\t\t\t\t<div class=\"column-2\">\n\t\t\t\t\t<form action=\"\" class=\"form\" method=\"post\" role=\"form\" novalidate data-trp-original-action=\"\">\n\t\t\t\t\t\t<input type=\"text\" id=\"successmessage\" name=\"successmessage\" value=\"Ihre Registrierung war erfolgreich Ihre Anfrage wurde erfolgreich versendet. Wir haben Ihnen soeben eine Best\u00e4tigungsmail mit einem Aktivierungs-Link zugesendet, um einem Missbrauch Ihrer E-Mail Adresse durch Dritte vorzubeugen. Die Mail wird von sales@locaterisk.com versendet und sollte sich i n wenigen Minuten in Ihrem Posteingang finden.\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"errormessage\" name=\"errormessage\" value=\"Da ist wohl etwas schief gelaufen. Bitte probieren Sie es erneut oder nehmen Sie direkt mit uns Kontakt auf\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"slug\" name=\"slug\" value=\"cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\" hidden>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"name\"\n\t\t\t\t\t\t\t\tname=\"name\"\n\t\t\t\t\t\t\t\tplaceholder=\"first name\"\n\t\t\t\t\t\t\t\trequired\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"surname\"\n\t\t\t\t\t\t\t\tname=\"surname\"\n\t\t\t\t\t\t\t\tplaceholder=\"last name\"\n\t\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"email\"\n\t\t\t\t\t\t\tid=\"email\"\n\t\t\t\t\t\t\tname=\"email\"\n\t\t\t\t\t\t\tplaceholder=\"Email\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\tid=\"phone\"\n\t\t\t\t\t\t\tname=\"phone\"\n\t\t\t\t\t\t\tplaceholder=\"phone\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t<h6 class=\"error-message\" hidden>...<\/h6>\n\t\t\t\t\t\t<div class=\"checkbox_container\">\n\t\t\t\t\t\t\t<div class=\"checkbox\">\n\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\t\ttype=\"checkbox\"\n\t\t\t\t\t\t\t\t\tid=\"checkbox\"\n\t\t\t\t\t\t\t\t\tname=\"checkbox\" \/>\n\n\t\t\t\t\t\t\t\t<label for=\"checkbox\"><\/label>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<p class=\"translation-block\">I agree with the <a href=\"https:\/\/locaterisk.com\/en\/datenschutz\/\" target=\"_self\">privacy policy<\/a>.<\/p> \n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\t\t\t<div class=\"g-recaptcha\" data-sitekey=\"6LdErNoZAAAAAD1Re2jNxtDFfcDaL9iED5MRBzjR\" data-callback=\"verifyRecaptchaCallback\" data-expired-callback=\"expiredRecaptchaCallback\"><\/div>\n\t\t\t\t\t<input type=\"hidden\" name=\"g-recaptcha-response\" data-recaptcha \/>\n\n\t\t\t\t\t\t<button class=\"lr-button-link\" type=\"submit\"> Request a Demo<\/button>\n\t\t\t\t\t<input type=\"hidden\" name=\"trp-form-language\" value=\"en\"\/><\/form>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\t\n\t<\/div>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<div class=\"wp-block-lr-contact-module\"><div class=\"content\"><h2>Want to find out more, book a demo or simply exchange ideas? We look forward to hearing from you!<\/h2><div class=\"contact-info-row\"><div class=\"contact-person-info\"><div class=\"avatar\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/06\/Lukas_Baumann_LocateRisk-300.png\"><\/div><p><span class=\"text before\">Your personal consultant<\/span><span class=\"bold name\"><strong>Lukas<\/strong><\/span> <span class=\"lastname\"><strong>Baumann<strong><\/strong><\/strong><\/span><strong><strong><span class=\"separator\"><\/span><span class=\"role\">CEO<\/span><\/strong><\/strong><\/p><\/div><p class=\"bold phone\"><strong><strong>+49 6151 6290246<\/strong><\/strong><\/p><strong><strong><a class=\"pr-1\" href=\"mailto: sales@locaterisk.com\">Get in Touch Now<\/a><\/strong><\/strong><\/div><\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-lr-footer-module lr-footer-block\"><div class=\"content\"><div class=\"column0\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/assets\/img\/lr-logo.svg\"\/><\/div><div class=\"categories\"><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/locaterisk.com\/en\/\">Home<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/blog\/\">Blog<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/about\/\">About Us<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/kontakt\/\">Contact<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/impressum\/\">Legal Notice<\/a><\/div><div class=\"categories-break\"><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/datenschutz\/\">Privacy<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/gtc.pdf\">General Terms and Conditions<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/jobs\/\">Jobs<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/app.secfix.com\/trust\/locaterisk\/d1e7d433b33643aea1880bfbfeab9f60\">Trust Center<\/a><\/div><\/div><div class=\"social\"><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.linkedin.com\/company\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/10\/gruppe-230@3x.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.instagram.com\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Instagram.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/twitter.com\/locaterisk\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/twitter.png\"\/><\/a><\/div><\/div><div class=\"description\"><h6>\u00a9 LocateRisk 2026<\/h6><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>The IT security policy under Section 390 of SGB V sets new standards for medical and dental practices. Learn about the applicable obligations and how to demonstrate compliance.<\/p>","protected":false},"author":13,"featured_media":9142,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[632],"tags":[725,340,64,731,4,726,728,729,730,727],"class_list":["post-9172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-news","tag-arztpraxis-sicherheit","tag-bsi","tag-compliance","tag-cyberangriffe-gesundheitswesen","tag-it-sicherheit","tag-it-sicherheitsrichtlinie--390-sgb-v","tag-kbv","tag-kzbv","tag-patientendaten","tag-sgb-v"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>IT-Sicherheitsrichtlinie \u00a7 390 SGB V: Anforderungen f\u00fcr Arztpraxen<\/title>\n<meta name=\"description\" content=\"Die IT-Sicherheitsrichtlinie nach \u00a7 390 SGB V setzt neue Standards f\u00fcr Arzt- und Zahnarztpraxen. Erfahren Sie, welche Pflichten gelten und wie Sie Compliance nachweisen.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/locaterisk.com\/en\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IT-Sicherheitsrichtlinie \u00a7 390 SGB V: Anforderungen f\u00fcr Arztpraxen\" \/>\n<meta property=\"og:description\" content=\"Die IT-Sicherheitsrichtlinie nach \u00a7 390 SGB V setzt neue Standards f\u00fcr Arzt- und Zahnarztpraxen. Erfahren Sie, welche Pflichten gelten und wie Sie Compliance nachweisen.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/locaterisk.com\/en\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/\" \/>\n<meta property=\"og:site_name\" content=\"LocateRisk\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-14T14:00:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kristina Hoinkis\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kristina Hoinkis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/\"},\"author\":{\"name\":\"Kristina Hoinkis\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\"},\"headline\":\"IT-Sicherheitsrichtlinie \u00a7 390 SGB V: Was Arztpraxen jetzt wissen m\u00fcssen\",\"datePublished\":\"2026-07-14T14:00:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/\"},\"wordCount\":936,\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"keywords\":[\"Arztpraxis Sicherheit\",\"BSI\",\"Compliance\",\"Cyberangriffe Gesundheitswesen\",\"IT-Sicherheit\",\"IT-Sicherheitsrichtlinie \u00a7 390 SGB V\",\"KBV\",\"KZBV\",\"Patientendaten\",\"SGB V\"],\"articleSection\":[\"Cybersecurity News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/\",\"name\":\"IT-Sicherheitsrichtlinie \u00a7 390 SGB V: Anforderungen f\u00fcr Arztpraxen\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"datePublished\":\"2026-07-14T14:00:44+00:00\",\"description\":\"Die IT-Sicherheitsrichtlinie nach \u00a7 390 SGB V setzt neue Standards f\u00fcr Arzt- und Zahnarztpraxen. Erfahren Sie, welche Pflichten gelten und wie Sie Compliance nachweisen.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/#primaryimage\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"width\":400,\"height\":400,\"caption\":\"compliance-regulatory\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/locaterisk.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IT-Sicherheitsrichtlinie \u00a7 390 SGB V: Was Arztpraxen jetzt wissen m\u00fcssen\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"name\":\"LocateRisk\",\"description\":\"IT-Sicherheit messen und vergleichen\",\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\",\"name\":\"LocateRisk\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"LocateRisk\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/locaterisk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\",\"name\":\"Kristina Hoinkis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"caption\":\"Kristina Hoinkis\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"IT Security Policy, Section 390 of Book V of the Social Code (SGB V): Requirements for Medical Practices","description":"The IT security policy under Section 390 of SGB V sets new standards for medical and dental practices. Learn about the applicable obligations and how to demonstrate compliance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/locaterisk.com\/en\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/","og_locale":"en_US","og_type":"article","og_title":"IT-Sicherheitsrichtlinie \u00a7 390 SGB V: Anforderungen f\u00fcr Arztpraxen","og_description":"Die IT-Sicherheitsrichtlinie nach \u00a7 390 SGB V setzt neue Standards f\u00fcr Arzt- und Zahnarztpraxen. Erfahren Sie, welche Pflichten gelten und wie Sie Compliance nachweisen.","og_url":"https:\/\/locaterisk.com\/en\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/","og_site_name":"LocateRisk","article_published_time":"2026-07-14T14:00:44+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","type":"image\/png"}],"author":"Kristina Hoinkis","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kristina Hoinkis","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/#article","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/"},"author":{"name":"Kristina Hoinkis","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32"},"headline":"IT-Sicherheitsrichtlinie \u00a7 390 SGB V: Was Arztpraxen jetzt wissen m\u00fcssen","datePublished":"2026-07-14T14:00:44+00:00","mainEntityOfPage":{"@id":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/"},"wordCount":936,"publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"image":{"@id":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","keywords":["Arztpraxis Sicherheit","BSI","Compliance","Cyberangriffe Gesundheitswesen","IT-Sicherheit","IT-Sicherheitsrichtlinie \u00a7 390 SGB V","KBV","KZBV","Patientendaten","SGB V"],"articleSection":["Cybersecurity News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/","url":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/","name":"IT Security Policy, Section 390 of Book V of the Social Code (SGB V): Requirements for Medical Practices","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/#primaryimage"},"image":{"@id":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","datePublished":"2026-07-14T14:00:44+00:00","description":"The IT security policy under Section 390 of SGB V sets new standards for medical and dental practices. Learn about the applicable obligations and how to demonstrate compliance.","breadcrumb":{"@id":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/#primaryimage","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","width":400,"height":400,"caption":"compliance-regulatory"},{"@type":"BreadcrumbList","@id":"https:\/\/locaterisk.com\/de\/cyberangriffe-praxen-it-sicherheitsrichtlinie-bsi\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/locaterisk.com\/"},{"@type":"ListItem","position":2,"name":"IT-Sicherheitsrichtlinie \u00a7 390 SGB V: Was Arztpraxen jetzt wissen m\u00fcssen"}]},{"@type":"WebSite","@id":"https:\/\/locaterisk.com\/de\/#website","url":"https:\/\/locaterisk.com\/de\/","name":"LocateRisk","description":"Measure and compare IT security","publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/locaterisk.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/locaterisk.com\/de\/#organization","name":"LocateRisk","url":"https:\/\/locaterisk.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","width":1920,"height":1080,"caption":"LocateRisk"},"image":{"@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/locaterisk\/"]},{"@type":"Person","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32","name":"Kristina Hoinkis","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","caption":"Kristina Hoinkis"}}]}},"_links":{"self":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/9172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/comments?post=9172"}],"version-history":[{"count":1,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/9172\/revisions"}],"predecessor-version":[{"id":9173,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/9172\/revisions\/9173"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media\/9142"}],"wp:attachment":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media?parent=9172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/categories?post=9172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/tags?post=9172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}