Cordaan takes care of clients, without worrying about information security
Healthcare has to do more with less money. That's where working more digitally makes a difference. But in a world where healthcare systems are increasingly interconnected, digital vulnerability is increasing. Information security is no longer an afterthought; a fact that Cordaan acknowledges, also through legislation that it has to comply with. That is why Cordaan is working step by step with Wortell on a strategic, future-proof approach. Rob Bergfeld, ICT Manager, and Rick Morsman, Information Security Officer, do not shy away from this challenge. They share their experiences.
Cordaan helps people who need nursing, care or guidance for a short or longer period of time, from young to old. The organization originated from several mergers in elderly care, disability care, youth care and care in people's homes. Approximately 6,500 employees and 2,000 volunteers provide care to around 20,000 people annually, spread over 120 locations in Amsterdam, Diemen, Huizen and Nieuw-Vennep. In addition, 60 home care teams are active. This scale and diversity make the design of information security complex. "We were looking for a professional party that is affiliated with Z-CERT". Cordaan's information and IT specialists were aware of the risks. To deal with this properly, a mature strategy and approach was needed.
Doing what you do best
Anticipating digital threats, such as unusual digital activities in the network, was not possible for Cordaan. "It is difficult to set up a Security Operations Center (SOC) yourself, with your own staff and technology. There are many variables and it is not feasible for us as a healthcare institution to bring them in-house. Outsourcing information security to an external party was the only option for our organization." And so Cordaan started looking for a partner to work with. Prior to the choice, various IT service providers affiliated with Z-CERT were visited. "This gave us an idea of which party would be the best fit for Cordaan." After demos and an extensive tender, the choice fell on Wortell. That was a bull's eye: "Wortell is a Microsoft house and that fits in well with our landscape, our vision and policy. We're also a Microsoft house, so that fits seamlessly.
Every choice has an effect
During the implementation phase, Wortell worked closely with Cordaan to set up Microsoft's security . "This was done in a structured and decisive way. The project leader made sure that we could coordinate this with an external party. We have jointly drawn up a framework in which all requirements are laid down. Every choice was carefully discussed: which functionalities were enabled immediately, which needed to be further tested first and which might pose risks to our employees or systems."
The phase was not only technically intensive, but also required a lot of coordination between different teams within Cordaan. "There were a lot of details on the table that you wouldn't expect at first. From technical configurations to access rights and how reports are handled: everything had to be set up logically and securely." The practical impact on the daily work processes of employees was also examined. "It wasn't just about ticking off a checklist. You need to think carefully about how technical functionalities affect the organization before turning them on or off. Sometimes a small adjustment turned out to have major consequences for the way our care workers do their work."
Threats from the dark web
Since the launch of MxDR and the deployment of the 24/7 Cyber Defense Center, Cordaan has a much better view of all security incidents. Wortell handles critical reports immediately. Wortell and Cordaan also exchange images about next steps in information security. This further development gives Cordaan real-time control and increases its response capacity to threats. "We have much more insight into the use by employees. In this way, we learn and can take targeted measures without unnecessary disruptions."
At Cordaan, Wortell provides 24/7 operational monitoring and advice on strategic steps for advanced safety. For example, dark web monitoring was implemented. "The dark web is something you don't go to yourself, but where there are many risks. We started in phases to learn from the reports that came in. This allowed us to take immediate action if data was leaked or misused."
Managed eXtended Detection and Response
Cybersecurity as next-level protection against all internal and external threats.
The dark web is something you don't come to yourself, but where there are many risks.
Moving forward together from experience and expertise
Trust through experience and room for further development thanks to expertise: that typifies the collaboration between Cordaan and Wortell. "The project went very smoothly, thanks to the professional, structured approach, the overview that emerged from it, the reports and progress monitoring and the good portal in which we can find everything 24/7." Thanks to this combination of expertise and strategic advice, Cordaan can fully concentrate on caring for vulnerable target groups. "During the project, we noticed that everything is very well secured within Wortell."
Cordaan is in a nice learning curve: "We learn more every day about how employees use the system, what normal behavior is and how we can stay alert to deviations. Wortell is on top of things and keeps us on our toes, so that we can also keep up the momentum." This provides the necessary insights for Cordaan and Wortell to continue to work together on good information security. And because of this positive experience, Cordaan is happy to share its knowledge with other healthcare institutions: "We are often asked for reference interviews about Wortell. It is nice to share our experience with fellow institutions that are also involved in information security. That way we hear where others stand and we can help each other."