Elderly care organization Joris Zorg defeats the (hacking) dragon together with MxDR

Once upon a time, there was a hack... and they lived long and securely. It sounds like a fairy tale, which fits well with elderly care organization Joris Zorg. Everyone knows Joris and the dragon; the dragon takes the princess hostage, squire George kills the dragon and everyone is safe again. The moral behind this story is why Joris Zorg is proud to bear this name: Joris stands for courage, willpower and perseverance. This allows you to do great things, especially if you do it together. To make the 'fairy tale' surrounding the hack end well, Joris Zorg did not do it alone either. Paul Verlaek, Information Manager, explains how Joris Zorg was able to put the focus where it is right: on the care for and well-being of the elderly.

Unwanted Christmas gift

It was Christmas Eve 2022. Joris Zorg was hacked, with all local data being stolen. "They were on a local backup server with user data from our employees. Our IT department had to scale up immediately to get everything back up and running as quickly as possible. The Z-CERT Foundation helped us with various challenges surrounding the hack. They know what you can do best in such a situation; from security issues to communication with the media. This foundation also introduced Wortell to us," Paul begins his story. As a blessing in disguise, Joris Zorg had already switched to the cloud with 95% of the applications and they were using a Microsoft 365 environment. It was therefore no problem to resume daily work quickly. "We were up and running again within a day. Because the on-premise server had been hacked, users could not log in to our cloud applications, such as the Electronic Client File (ECD), via Single Sign-On. For the care colleagues who were working, we had created a temporary login to the EHR and used a backup for the medication information that we could print. We have reimbursed a new identity or driver's license for a large number of colleagues, because we felt partly responsible for the infringement. The hack was very annoying to experience, but fortunately there was no interruption of care."

Always when you're not there

"Most hackers attack at times when we don't work, so it's good to rely on a partner who is available 24/7. It's about management and response. After the hack, Z-CERT alerted us to Wortell's Managed extended Detection & Response (MxDR) service. It took little time to set this up and get it operational." The MxDR service provides real-time insight and stops about 75% of incidents with automated responses; For the remaining 25%, experts are on standby at any time of the day to intervene acutely. "Wortell detects, solves the problem and then informs us. For example, about a recent login attempt from Jamaica that was intercepted. In short, they have a mandate to take immediate action." In addition to deploying the MxDR service, Wortell also helped with the fine-tuning of the Microsoft Defender products. "We already had it in use, but we still had to tweak it. Our Microsoft environment and all cloud applications were at risk." Now that the right foundation has been laid for Joris Zorg, other components of the network environment are being examined. "Among other things, we use smart cameras to monitor the clients, should they fall, for example. This is privacy-sensitive information and we want to use the same MxDR service for that. This makes us feel safer than with Microsoft solutions alone."

Layla Jongerius, Healthcare Account Manager at Wortell, adds: "The implementation always starts with a security maturity assessment. This creates a gap analysis between the current security measures and the product requirements we set. In this way, we ensure that we have (jointly) made the right adjustments before we set up our service. We have also done this for Joris Zorg."

Care that is right

"Our first priority? Providing care to the elderly. Our colleagues who work with clients want to help them with their care needs. That's what their hearts beat for. And from IT we want to support those colleagues well; this contributes to our services and we have to comply with various standards, such as the NEN-7510. For example, we have to record all actions of patients, including various special personal data." Joris Zorg's IT department consists of four colleagues and is responsible for all topics that affect IT: from application management to hardware and security. "We can't do without a partner who has specialist knowledge, for example about the Microsoft Defender products. It is not feasible for us to train our people in this. In any case, it is not our core business, but that of Wortell. It changes every day and they do it 24/7."

Layla adds: "Solutions such as MxDR help to comply with compliance measures. New insights are emerging. In the long term, smartly designed IT can also offer space for artificial intelligence, for example, which offers many opportunities in healthcare. For that you need a safe haven, which you create with MxDR. This way you can look ahead and get started with innovative solutions that help build healthcare. That also helps to embrace the cloud and all its possibilities. The starting point: healthcare is about the care and well-being of clients and not about security."

Getting smarter together

"We want to keep developing so that we don't experience another hack. For this we lean on Wortell and we are a member of the trade association ActiZ and expertise center Z-CERT." Keeping each other informed, exchanging possibilities and building and sharing knowledge together; they seem to be parts of the success formula. For both Joris Zorg and Wortell. Layla says: "We also apply the experiences that we gain at Wortell at one healthcare organization to the next, if that has value. In combination with the useful insights from our MxDR user group, we work together on the need to keep evolving and we continuously improve the MxDR service; also with the laws and regulations. Wortell's goal is to become smarter and smarter with MxDR based on practice and to stay ahead of the bad actors. In doing so, we consciously choose to be in the Netherlands. Customers can even visit part of our security operation center, so they can get an impression of what happens to information. A dummy screen with fictitious data shows how an incident takes place, how we act on it, how many incidents have been handled automatically, how we communicate, which people are behind the buttons and how cool they think it is to solve a hack. It contributes to the feeling that their environment is in safe hands with us."

Tips for other healthcare organizations

For Joris Zorg, the hack ended well; the MxDR service has even laid a foundation for safe further development. In such a way that it supports care. Paul's tips for other healthcare organizations that are working on their security:

• "It seems obvious, but get started with your security before you get hacked. The problems are incalculable if client data is made public.
• Does your organization use a Microsoft environment? Then choose the Microsoft Defender Suite, have it checked carefully by experts and ensure an optimal setup.
• Leverage the MxDR service to proactively protect the environment from attacks and risks. This also helps you to gain insight into your environment and to comply with the NEN measures.
• Become a member of Z-CERT so that you can take advantage of the special rates for healthcare. In combination with the Microsoft non-profit prices, security becomes affordable."