Z-CERT strives for cyber herd immunity for healthcare

Christiaan Piek & Wim Hafkamp
Published on


The term ‘herd immunity’ was mostly used this year in relation to COVID-19, also known as the Coronavirus. The idea behind herd immunity: if enough people are immune to the virus, we will be less at-risk, collectively. Take that thought and apply it to the digitalisation of healthcare, and you end up at Z-CERT and the ZDN. Since this year, much work is being done online to build digital herd immunity: the Zorg Detectie Netwerk (ZDN). With this, Dutch healthcare facilities can arm themselves against digital viruses and other problems. Stichting Z-CERT, the centre of expertise in the area of cybersecurity in healthcare, is building this network in collaboration with over one hundred healthcare facilities, the National Cyber Security Centre (NCSC), and private parties.

Working on a collective cyber memory

The ZDN is best described as a collective memory for digital threats. In biology it is said that you are ‘immune’ to a certain disease when you have ‘memory cells’ that recognise the pathogens. These memory cells were created when you first encountered the pathogen. As soon as the pathogen rears its head again, the immune system goes to work. This ensures a quick and effective response. The Zorg Detectie Netwerk functions similarly against digital viruses and other cyberthreats. The ZDN is one of the initiatives developed by the specialists of Z-CERT to make healthcare safer.

Cybercrime has a growing impact on healthcare

In 2017, the three umbrella organisations NFU, NVZ and GGZ initiated the founding of Stichting Z-CERT. A necessary initiative, because healthcare was becoming an increasingly interesting target for cybercriminals and hackers. Especially given the fact that the digitalisation in healthcare was taking flight. Which also meant that data could fall into the wrong hands or could lead to disruptions in healthcare, by means of ransomware, data leaks, and the ability to hack medical equipment or e-Health applications.

At the beginning of this year, a report was published stating that hospitals are ill-prepared for IT malfunctions, which could put patient safety at risk[1]. One defective part or incorrect network setting could halt care proceedings in a hospital for hours, or even days.

Z-CERT alerts healthcare organisations to acute and latent threats, and offers support in arming against them in terms of prevention, detection, and reacting to an incident..

Cyber safety in times of Corona

Z-CERT has grown over the past few years, both in terms of participants and in staff. The team is still small, but it is driven and works on making digital healthcare safer every day. To do so, specialists work closely with national and international colleagues, organisations, and governments. Some of these collaborations gained momentum because of the Corona crisis. For example, the wijhelpenziekenhuizen.nl collective, in which cybersecurity companies united and offered their services for free via Z-CERT, to all hospitals in the Netherlands that were involved in cyber incidents. At the same time, Z-CERT was adding healthcare facilities to the Zorg Detectie Netwerk, with a primary focus on hospitals. The wijhelpenziekenhuizen.nl initiative was put on standby at the start of July. The Corona crisis seemed to have subsided and the requests for IT help stopped coming in.

The wave of digitalisation in healthcare demands attention for several aspects of cybersecurity

The Corona crisis shows that healthcare is taking tangible steps to increase digital security. The WannaCry attack on British hospitals in 2017, and the Citrix affair in early 2020, have already shown the vulnerability of the healthcare sector. But the recent ransomware attack on Maastricht University, too, in which the university eventually paid 30 bitcoin (the equivalent of €200.000) in ransom, has kicked things into gear.

Protecting patient and healthcare data is incredibly important for maintaining the trust in, and quality of, healthcare. At the same time, the search for optimal security and the protection of such data can impede innovations and slow down developments. To maintain a balance, several aspects are of importance. First of all it is necessary to sort out basic cyber hygiene. Think of adequate firewall settings, automatically blocking accounts after a certain number of incorrect password attempts, not allowing the use of personal USB sticks, and structurally backing up data.

It is also important to ensure that employees within an organisation are (more) aware of cyber threats. Think, for example, of a Chief Medical Information Officer (CMIO) who primarily focuses on innovation, and is aware of digital vulnerabilities. And create a clear overview of the chain of dependance in digital networks. Involve cybersecurity experts such as Chief Information Security Officers (CISOs) more explicitly as strategical conversation partners of the board of directors and medical specialists. Finally, the government must also play a part in terms of regulating and certifying medical equipment – think of the NEN7510 and the new European Medical Device Regulation which will take effect in May 2021.

Collaboration is increasingly important

The question of whether hospitals are the only ones responsible for the digital security of their patient data is a difficult one to answer. Cybersecurity is complex, and all parties involved in healthcare are responsible. Many parties play a role within the network in terms of collecting, storing, processing, and transporting data. The patient collects more and more data themselves as well through, for example, wearables. That is why not only other healthcare providers, but also IT suppliers, insurance providers, government institutions, and other stakeholders must be involved in the cybersecurity issues in healthcare.

And now, to persevere

A lot has yet to be done for Z-CERT. In the coming months, more healthcare organisations will be added to the Zorg Detectie Network. In practice, affiliated hospitals will share malicious activity in their network, such as the use of phishing or malware, with the network. In cybersecurity terms these are called ‘IOCs’ (Indicators of Compromise). An IOC is immediately recognised by the other affiliated healthcare facilities. They can then dispose of the ‘pathogen’ before it reaches essential networks.

By now, many IOCs of phishing sites, ransomware and other malware have been added to the network. Recently, IOCs were added which are associated with state actors trying to break into American research groups conducting COVID-19-related research. By sharing these IOCs here as well, Z-CERT wants to prevent the possibility of Dutch research falling victim to espionage by state actors.

In short: the ZDN is more relevant than ever. There is great willingness among participants to join in. They also realise: ‘a threat to one is a warning to the other’. Only together can we make digital healthcare safer. On to cyber herd immunity!


  1. Onderzoeksraad voor Veiligheid. Patiëntveiligheid bij ICT-uitval in ziekenhuizen. Februari 2020


Christiaan Piek & Wim Hafkamp

Stichting Z-CERT, founded by the NVZ, NFU, and GGZ the Netherlands, is the Computer Emergency Response Team for the healthcare sector. The organisation helps affiliated healthcare institutions monitor, prevent, and repair IT incidents, and is seen as the cybersecurity system for healthcare. Wim Hafkamp has been the director of Z-CERT since April 1, 2020. Before that, he was interim director at the National Cyber Security Centre of the Department of Justice and Safety, and until 2018 he was responsible for data security at the Rabobank Group. Christiaan Piek was interim director at Z-CERT until April 1, and is currently still involved as a strategic adviser.