Z-CERT and IT security businesses join forces to work on digital security of healthcare industry

By 5 November 2020 November 9th, 2020 CERT, News

IT security businesses sign letter of intent about sharing of information via the Healthcare Detection Network

AMERSFOORT – Since the outbreak of the coronavirus crisis, the Z-CERT Foundation, the expertise centre in the area of cyber-security in the healthcare industry, has been working on the Healthcare Detection Network (‘Zorg Detectie Netwerk’ or ‘ZDN’). To this end, Z-CERT has joined forces with the healthcare industry, the National Cyber-Security Centre (NCSC), and private parties. Via the ZDN, the healthcare industry shares information about malware, phishing, and cyber-espionage. From mid-November, even more organisations will join this network. Six IT security parties, Tesorion, Kahuna, KPN Security, On2IT, Pinewood, and Motiv, will then start sharing healthcare-specific threat information with their customers from the healthcare industry. The six well-known security parties signed a letter of intent for this with the Z-CERT Foundation.

Previously, 46 hospitals joined the ZDN directly. Now, another 27 healthcare organisations are added to this whose participation is organised via one of the aforementioned IT parties.

Director Z-CERT Wim Hafkamp speaks of a ‘Big step for the digital security of the healthcare industry.’ ‘We are glad that, together with these security parties, we can protect the healthcare industry even better against digital threats. Recently, it could again be noted in America, where hospitals were actively attacked with ransomware, that cyber-security is not an unnecessary luxury. Via Kahuna, KPN Security, Fox-IT, On2IT, Motiv, Tesorion, and Pinewood, we can connect even more healthcare organisations to the ZDN. Our objective is to connect 80 per cent of the hospitals to the network by the end of 2020.’

The ZDN creates, as it were, a detection shield around the healthcare institutions. When one of the connected organisations detects malicious activities, the organisation in question shares this with the Healthcare Detection Network. In cyber-security terms we call this an “IOC” (Indicator of Compromise). This IOC is recognised directly by the other connected healthcare institutions. They can then ‘clear’ the ‘pathogen’ before it infects the essential networks.

Recently, IOC have been included that are associated with state actors that try to hack into American research groups that conduct Covid-19 related research. By  sharing these IOC, Z-CERT intends to prevent potential Dutch researchers from also becoming a victim of espionage by state actors.

Hafkamp: ‘The ZDN is more relevant than ever. A threat to the one is a warning to the other. Only together can we make healthcare digitally more secure.’