
How do you organize 24/7 security in healthcare, without employing twelve specialists?

This article is automatically translated using Azure Cognitive Services. If you find mistakes, please get in touch.


Healthcare organizations are continuously digitally connected with laboratories, suppliers, portals, cloud environments, medical systems and external service providers. This connectivity makes care faster and more efficient, but also increases dependence on systems and parties outside the organization itself.

This became visible at, among others, Population Screening Netherlands. Following an attack on laboratory supplier Clinical Diagnostics, the organization had to deal with a data theft that affected 941,000 people. This made clear how an incident at one chain partner can have a direct impact on public health care.

At the same time, patient care does not stop at five o'clock in the afternoon. The digital chain in which that care takes place runs day and night. Incidents, vulnerabilities and suspicious signals do not adhere to office hours, while many healthcare organizations do not have the capacity to staff a full 24/7 security team themselves. 

This is where the core of the challenge arises: how do you organize continuous digital resilience in a sector where availability, privacy and continuity directly affect patient care? 

Why this is a direct responsibility for healthcare administrators

Several frameworks come together for healthcare administrators. NEN 7510 has long called for appropriate information security measures in healthcare, including monitoring and incident response. NIS2 and the Cybersecurity Act tighten that responsibility further: organizations must be able to report incidents in a timely manner, demonstrably manage risks and explain at board level how digital resilience is organized. Where digital disruptions affect continuity or patient safety, the Health and Youth Care Inspectorate is also watching.

At the same time, practice proves difficult. The labor market for security specialists is tight, and running your own 24/7 Security Operations Center requires multiple specialized roles, continuity in staffing and a schedule that runs day and night. For many healthcare organizations, this is difficult to achieve financially and organizationally.

This shifts the focus from tooling to organizational strength. Healthcare administrators must be able to demonstrate that detection, response and decision-making are also set up outside office hours. Not only technically, but also administratively: who acts, who decides, who communicates and who is accountable when an incident occurs. 

Three routes to 24/7 coverage 

1. Build your own SOC
An internal Security Operations Center offers maximum control, but also requires a substantial structural investment. In addition to technology, it is mainly about people: analysts, engineers, incident responders and coordination, spread over a schedule that continues to run 24/7. For large healthcare institutions, this can be a conscious choice. For many VVT, GGZ and disability care organizations, it is difficult to achieve financially and organizationally. 

2. Entrusting security to the IT department 
Leaving security to the IT department seems efficient, but has clear limits. IT management and security require different expertise, different priorities and different availability. The IT department is often geared to stability, continuity and management, while security requires detection, analysis and rapid response to anomalous behaviour. Without separate capacity and mandate, there is a risk that security will remain reactive.

3. Outsourcing via Managed (eXtended) Detection & Response 
Managed Detection & Response provides access to specialized analysts, 24/7 monitoring, up-to-date threat intelligence and structured incident follow-up, without the fixed costs and organizational complexity of a fully internal SOC. For medium-sized healthcare organisations, this is often not a temporary solution, but a strategic choice to better organise continuity, risk management and administrative demonstrability. 

What a mature MxDR approach yields 

Wortell MxDR, in full Managed eXtended Detection & Response, is the 24/7 security service from the Wortell Cyber Defense Center. With it, we monitor not only endpoints, but also identities, email, cloud environments and relevant applications. Precisely because attackers are not limited to a single point of entry, detection must look beyond one technical domain.

For healthcare organizations, this means continuous monitoring of critical signals, rapid detection and follow-up of incidents, transparent reporting to management and enrichment with sector-specific threat information, among other things through our collaboration with Z-CERT, the sectoral CERT for Dutch healthcare.

The responsibilities remain clearly assigned. The healthcare organization retains ownership of policy, risk frameworks and decision-making. Wortell takes care of the operational implementation: detection, analysis, escalation and immediate action where necessary. We record this in a single governance model, with measurable KPIs, clear escalation agreements and reporting that is in line with both the operation and the managerial accountability. 


This is how it works in practice 

  • Cordaan chose Wortell MxDR to gain insight into and control over information security 24/7, without having to build a complete SOC itself. The organisation retains internal control over policy, risk frameworks and decision-making.

  • After a cyber incident, JorisZorg organized structural 24/7 detection and response via Wortell in a short period of time. This allowed the organization to strengthen its digital resilience, while maintaining continuity of care during the transition. 

  • With Wortell MxDR, Siza guarantees continuous monitoring and rapid incident response within a management model that fits its own way of managing. This creates 24/7 coverage without having to recruit a team of specialized administrators.


Questions that make administrative control in healthcare visible

  • Do we have 24/7 insight into suspicious signals within our healthcare systems, including links with suppliers and other chain partners?  

  • Can we report a significant incident in a timely manner according to the Cybersecurity Act, with the correct information and substantiation?  

  • What are our actual detection and response times and are they measured structurally?  

  • Who is ultimately responsible in the event of a cyber incident, and has this been demonstrably recorded for the supervisory board, IGJ and other regulators?

Healthcare organizations that cannot answer these questions clearly usually do not lack extra tooling. Above all, they lack coherent direction on detection, response and administrative accountability. 

Security requires leadership, not more tooling 

Digital resilience in healthcare is all about control over risk, continuity and compliance. With Wortell MxDR, your organization retains administrative control, while we ensure continuous monitoring, rapid follow-up, measurable results and reporting that is in line with the accountability to the supervisory board and supervisors.

Not as a separate remote supplier, but as a strategic partner in digital resilience: with attention to the healthcare practice, the chain in which you work and the availability of systems that patients and healthcare professionals rely on. 

If you want to know where the organization stands, you start with factual insight. Insight into what is happening within the digital environment, where the greatest dependencies are and what choices are needed now to be able to continue to provide safe and reliable care in twelve months' time.