Hospital · KRITIS · B3S

KRITIS sector. Healthcare. With B3S context.

MailGuard and SecureFiles for facilities above the KRITIS thresholds, with reference to B3S Healthcare and KHZG. EU hosting, ISMS hook, audit log. As of 2026.

At a glance · As of 2026

KRITIS-fit platform, not an add-on.

  • M365 default without a KRITIS layer → MailGuard with BEC, QR filter and attachment protection
  • DICOM and result bundles as mail attachments → SecureFiles as a direct line for clinical bundles
  • No cross-layer audit log → Audit log as a SIEM event
Conbool MailGuard and SecureFiles map to B3S Healthcare and are KHZG-eligible. ISMS hook in place, EU hosting on ISO-27001 infrastructure.
Right for you if: Hospital > 30k cases · KRITIS sector healthcare · KHZG-eligible

  • 100 % EU hosting
  • KRITIS sector healthcare
  • B3S context
  • 30 min. MX switch

Compliance anchors

  • KRITIS BSI-KritisV
  • B3S Healthcare
  • NIS-2 essential entities
  • KHZG funding line 10 IT security

Conbool supports the requirements from BSI-KritisV and B3S through technical and organisational measures. KHZG eligibility is project- and audit-specific; the hospital files the application itself.

Four building blocks for hospital IT.

MailGuard as a KRITIS layer, SecureFiles for clinical bundles, SecureMail for peer communication, Disclaimer for required disclosures.

Typical workflows

Four scenarios from a working hospital.

From the ED inbox to the rehab handover note.

1. Catch BEC at administration

CFO impersonations to accounting requesting an early wire are filtered by MailGuard at the authentication layer.

2. DICOM to private practitioners

Imaging and DICOM bundles flow through SecureFiles as a direct line, beyond Outlook size limits.

3. Rehab handover

Handover notes and lab results sent to rehab facilities encrypted, with delivery receipts in the audit log.

4. KRITIS audit trail

Every email action lands in the audit log and is exported via SIEM to the hospital SOC.

Architecture

Conbool as a KRITIS layer in front of M365.

Conbool sits as an independent layer in front of Microsoft 365 or Exchange. HIS and reporting software remain unchanged.

MX switch

Inbound SMTP runs through Conbool, M365 remains the back-end.

ISMS hook

Configuration is documentable as a technical measure inside the ISMS, with B3S context.

SIEM export

Audit log via standard connector to the hospital SIEM.

Coexistence

Conbool coexists with common HIS, RIS and PACS systems via Outlook and SMTP.

Compliance mapping

How Conbool maps to B3S Healthcare.

B3S Healthcare defines protection goals for care IT. Conbool covers several measures in the communication-security area.

Confidentiality goal

End-to-end encryption in SecureMail and SecureFiles.

Integrity goal

DMARC-aligned outbound identity, tamper protection in the audit log.

Availability goal

Multi-stage filter and backpressure protection layers for the mail chain.

Evidence

Audit log per GDPR Art. 30 as auditable evidence.

KHZG and migration

Funding line 10, ISMS and rollout.

Conbool can be listed as a technical measure in the KHZG application. Rollout starts with a pilot tenant and ISMS documentation.

KHZG application

Funding line 10 IT security includes email security. Conbool ships the description of technical measures with the application.

ISMS documentation

Templates for ISMS adoption and measure mapping per B3S.

Pilot tenant

Pilot with one department, then full-house rollout.

Legacy sunset

Existing SEG or filter solution runs in parallel and is replaced step by step.

Frequently asked questions

Is Conbool KRITIS-fit?
Conbool is a technical measure that maps to several requirements from BSI-KritisV and B3S Healthcare. KRITIS classification is decided by the hospital itself, not by the vendor; Conbool documents the measures auditably.
How does this fit KHZG funding?
Funding line 10 IT security can include email security. Conbool ships the description of technical measures with the application. Eligibility depends on the concrete application and review by the relevant authority.
What does ISMS integration look like?
Conbool provides a measure description that can be integrated into the ISMS of hospitals that follow ISO 27001 or IT-Grundschutz. SIEM export via standard connector to the hospital SOC.
Can we keep using HIS, PACS and RIS?
Yes. Conbool coexists with clinical systems via Outlook and SMTP. Clinical workflows remain unchanged; Conbool complements the mail and data layer.
What about GDPR Art. 9?
Patient data is a special category. Conbool supports the required protections from Art. 32 GDPR through encryption, audit log and EU hosting. DPA per Art. 28 GDPR included.
What does Conbool cost for hospitals?
Modular per function and per mailbox. Larger hospitals can bundle MailGuard, SecureMail and SecureFiles under one license. Concrete pricing on request.
Does this work for MVZ groups under a hospital owner?
Yes. Conbool supports multi-tenant setups or one central tenant for hospital owners with MVZ groups.

Related solutions

Related industries

Conbool is in use in neighbouring industries with a similar compliance profile.

A KRITIS layer for hospital IT.

Demo in 30 minutes. Pilot in one department. Modular by function.

Sources and date

Statements about KRITIS are based on BSI-KritisV in its respective version. Statements about B3S are based on the BSI sector-specific security requirement for healthcare. Statements about KHZG are based on the German Hospital Future Act and its funding rules. As of 2026.

HIS, RIS and PACS are generic terms in medical informatics. Microsoft, Microsoft 365 and Exchange are trademarks of Microsoft Corporation. Conbool is a trademark of Conbool GmbH.