The Maasstad Hospital and Spijkenisse Medical Center (SMC) have been using SecureMe2 Cyberalarm since January 2017. “It provides me with insight in our cyber security and that is exactly what we need as an organization,” says John Verschoor, Team Leader ICT Technical Management at Maasstad Hospital and SMC.
“We noticed an increasing amount of threats approaching us. Ransomware, for example, which in some cases is deliberately targeted at hospitals. And without the right tooling you will not be able to detect this. That is why we needed a solution that gives us 24/7 insight into what is happening on our network,” says Verschoor.
Verschoor emphasizes that cyber security is quite literally of vital importance for any hospital. “In regards to cyber security in hospitals, you almost always come across the major vendors. Not only are their solutions often very expensive, but most of the time they do not fully protect us or they are simply too extensive or too complex. A hospital needs real-time insights into their network. And most products do not sufficiently meet our needs. Firewalls block incoming threats, but do not detect threats from within the network, such as phishing emails and infected USBs. And that poses the greatest danger to us. Preventing incidents is a utopia, since there is always the chance of human error. So we need to be able to detect when things go wrong. You want to be aware, especially when it regards unwanted communication from our network to the internet, including data about our patients. Awareness gives me the opportunity to solve the issue. And Cyberalarm offers that awareness”, says Verschoor. He emphasizes that the solution is affordable and quick to implement. “The costs are very limited and the installation did not take long. I had to unpack the sensor and connect the cables to the switch and a tension port. Then it registers itself in the SecureMe2 computer center and after half an hour we were able to use it and we saw the first notifications coming in.”
Cyberalarm shows what is happening in our network at host level. So it also shows us how our medical equipment that is connected to the network is doing. Verschoor: “If something is detected, I can intervene by immediately removing a potentially infected workstation or device from the network, rinsing it clean and putting it back. Cyberalarm fills a gap for SMEs. As an SME, you are actually in a ‘forgotten sector’ when it comes to security. You just don’t have the budget and administrators to buy a regular expensive enterprise-focussed solution. The average SME usually does not have a virtual environment available to run that software. With SecureMe2 Cyberalarm you don’t have those issues while it offers valuable insights and a feeling of peace of mind.”
He started the Cyberalarm as a pilot in the SMC. This regards around 500 workplaces, including the so-called modalities: specialized medical equipment that is connected to the network. Cyberalarm monitors all traffic from all equipment connected to the network. So, for example, if an infusion pump is taken over, we will detect that.
He was very excited about the results from the pilot with Cyberalarm. “It worked very well. For example, the system immediately detected a network printer that was approached from Ukraine via an open port. In retrospect, the impact was not too bad, but I would never have noticed that without this solution”, says Verschoor. Based on the experiences in the SMC, Maasstad Hospital has also decided to implement Cyberalarm for all networks.
One Cyberalarm sensor works for a network with around 500 workplaces. This was fine for SMC in the beginning, but it was later scaled up to a redundant device with heavier sensors in connection with the expansion of the networks. There are at least 2,500 workplaces in Maasstad Hospital. To this end, SecureMe2 has installed several devices in parallel in the various data centers. “That went smoothly as well.”