Toreon Office | Grotehondstraat 44 1/1 - 2018 Antwerpen | +32 3 369 33 96
The hospital of today is in a perfect storm: technology is leaping ahead, patients demand better services, great new health challenges sweep the world, while legal compliance is getting more demanding. Hackers know how critical your systems are and take advantage. . With 40% of healthcare related companies falling victim to ransomware, there is a measurable impact on patient care from cyber events.
In the end, it’s always about the patient. To protect them, their privacy and their comfort, cybersecurity is now front and center. Governments have taken note and have finally backed up increased legal requirements with some very necessary funding.
Typical problems to tackle are:
The NIS2 law aims to strengthen cybersecurity, incident management and supervisory measures for entities that provide services that are essential for the maintenance of critical social or economic activities. It also aims to improve the coordination of public policies on cybersecurity.
To meet NIS2 requirements, hospitals must implement 11 cybersecurity measures. These can be grouped into four practical categories:
Cybersecurity policies and measurable processes: Clear internal rules and responsibilities including measurement of effectiveness
Risk analysis & management: Regularly assess and address risks with clear ownership and treatment plans
Business continuity & crisis management: Prepare for disruptions and recovery.
Cyber security incident handling: Detect, respond to, and report cyber incidents.
System security: Protect critical infrastructure and systems.
Use of cryptography: Encrypt sensitive data and communications.
Security in acquisition, development & maintenance: Ensure systems are secure from the start and remain so during their lifecycle
Policies on access control: Limit access to systems and data.
Asset management: Track and secure all IT assets.
Training & awareness: Staff must be trained to spot cyber risks and act safely.
NIS 2 Management Board training: NIS 2 has increased the accountability and responsibility for Management; it is required to provide training to management and board members to understand their responsibilities. Specialized board training helps leadership make informed risk-based decisions and reduce liability.
These measures are mandatory for essential entities like hospitals under Belgian law. The Centre for Cybersecurity Belgium (CCB) provides tools like the CyberFundamentals Framework (CyFun®) to help assess and implement these controls.
Toreon has been designated by Shield as its preferred partner for all aspects of Governance, Risk & Compliance (GRC), Ethical Hacking, and training related to NIS2 and other regulations. This means we support members with:
By combining Shield’s collective approach with Toreon’s specialized expertise, members gain:
Are you a Shield member or not and would you like to know what we can do for your hospital?
Feel free to contact us. We’d be happy to tell you how other members approach this and which steps have the greatest impact.
Toreon always starts from the strategy of the business to create a security program. We use international standards to create a roadmap for improving security maturity. All a pace that fits the organization. These necessary improvements set the stage for later compliance to regulatory pressures from NIS2 and other regulations.
Many hospitals don’t have a dedicated professional security officer or have someone juggling multiple responsibilities. Our Security Office as a Service provides the solution to both. We make sure all essential security services are covered, using security experts that understand your business. We make sure the essential security controls are covered. Then we create the improvement projects to reach a higher level.
We understand that security is not a project, but a journey. And we are in it for the long run.
We use international standards to assess your current status. We come up with a target maturity, benchmarked to other healthcare providers and linked to your organization’s strategy and risk appetite.
Then we create a roadmap for attaining that desired security level.
We can test your infrastructure, internet exposed systems, cloud setup or specific applications. We take particular care around critical medical systems.
Our experts create reports that are business oriented and can be used for management discussions and 3rd party verifications.
Our service is not a ‘one man show’. You get trusted advisors that have a whole crew to support them, providing stability to your security efforts. This service is perfect for those that need ‘essential security’ but don’t want or need a full time CISO. Or for CISOs who want a security office with all the expertise they may need, available at will.
