How high-risk is your healthcare organization when it comes to information security and privacy (IB&P)? And how do you reduce any risks to an acceptable level? Now that the Ministry of Health, Welfare and Sport has announced that healthcare institutions will be subject to extra strict controls in this regard, it's high time for the kickstart IB&P, believe cybersecurity experts Marlie Oosterik and Joost Wagenaar. "With eleven simple questions, you know what to do."
Anyone who attended the kickstart session on information security & privacy during Zorg & ICT found a bag of flower seeds on their chair with instructions to plant them before July 1. A playful way to remind people that information security also has an expiration date.
"Start sowing now so you can reap soon," was Oosterik's urgent advice. She is an expert on information security in healthcare at ICTU, which helps government organizations with their challenges around digitalization. To find out quickly whether your healthcare organization meets the new requirements of NIS2 and NEN 7510, ICTU has developed the kickstart Information Security & Privacy (IB&P) on behalf of the Ministry of Health, Welfare and Sport.
Confidential information
'Start your kickstart' allows you to get started right away and gain insight into your healthcare organization's information security and privacy, so the promise goes. The kickstart is particularly intended for (small) healthcare organizations that do not yet work fully according to NEN 7510. According to Oosterik and Wagenaar, innovation managers at Beter Healthcare, privacy and information security are particularly important in healthcare. "It's about confidential information of patients and clients, of course you want to be extremely careful with that, especially when exchanging that data."
This is where laws and regulations come into play, and those rules tend to tighten. "Most institutions are familiar with the term AVG," say the cyber experts, "but it gets trickier with NEN 7510 and NIS2. Which standard applies to your healthcare organization and do you comply with it?"
Quickscan
The free kickstart consists of a quick scan and five modules, following the plan-do-check-act cycle. The flexible modules can be completed separately or as a whole, depending on what your organization needs. Those who cannot figure it out on their own can call on support from ICTU and Bureau eOverdracht, which is also free of charge.
Easily accessible
"We want to keep it as approachable as possible," Oosterik tells her audience. "That's why with eleven simple questions in the quick scan you can check whether your organization is ready for the NEN 7510. This will make it immediately clear whether the most important measures have already been implemented, how you can encourage safe behavior among employees and whether support may be needed to improve information security."
Controls
Wagenaar: "The five modules give you tools and formats to get started independently or to take the right steps together with our team members. Module 2, for example, consists entirely of a risk analysis workshop, where we come to the healthcare organization on site. You will get a direct insight into how risky your organization is and what the impact is. In addition, we provide management measures to get any risks into the green."
Continuous improvement program
Oosterik and Wagenaar emphasize that this is a continuous improvement process. "Communication about the level of information security in the healthcare organization and creating awareness among employees about information-safe behavior is very important. Because knowing something and doing something are two different things."
