Zero Trust in action: Jan Yperman Ziekenhuis

While much of the discussion around cybersecurity is currently on the impact of new remote workers trying to connect to corporate networks designed with office-based access in mind, the proliferation of connected devices has, arguably, had a much more dramatic impact on protecting mission-critical services.

This is an area that the hospital Jan Yperman Ziekenhuis knows well. Formed from the merger of three smaller hospitals in 1998, the hospital now employs more than 1,300 employees and 130 doctors with an emphasis on technology. Its use of connected devices has increased significantly, and it was this growth that prompted the hospital to start to implement a Zero Trust approach.

“Due to the nature of procurement, many of our new devices, while innovative in what they do, are behind when it comes to cybersecurity,” said Jürgen Taverniers, IT System Engineer at Jan Yperman. “Adding them to the network, while critical to their functionality, presents a security risk. By taking a Zero Trust approach and implementing segmentation, we can separate them from our mission-critical services and apps, without impacting their usability. That way, we can fully secure both the device and the wider network.”
This applies to medical devices but also to the personal technology clinicians use as part of their work. “We might have nurses taking patient’s vitals, capturing it with a tablet and uploading that data directly to the patient’s e-record. Then we have a mix of hospital-issued devices, which we can control and centrally manage, and bring-your-own, which we have little to no oversight on. These are all endpoints wanting access to the system, all posing their own threats. Being able to track behavior and manage access through context allows our clients to do their work without increasing the risk to the hospital’s digital footprint.”

The hospital also benefits from Orange Cyberdefense’s Managed Detection and Response service, which provides ongoing feedback and updates on any potential threats or anomalies on the Jan Yperman network. “The nature of our organization is such that we need an ongoing monitoring system,” said Taverniers. “Through Orange Cyberdefense, any anomalies are picked up, the team there alerts us, and we can then isolate, investigate and take any necessary action. It’s an extra layer which means that nothing is going to get overlooked and turn into a problem.”

And what do those users think of the Zero Trust approach? “At a senior level, we’ve had significant buy-in,” Taverniers explained. “There’s been a greater need to combat misconceptions of Zero Trust, such as it’s not a product but an approach, with the technical teams implementing it, but at an individual, non-technical level, users aren’t really aware. We run education and awareness classes each year to remind clinicians and administrative staff about being cyber secure, improving password security, and all that, but if we do our jobs properly, most people shouldn’t even notice that we’ve implemented a Zero Trust approach. They should just be able to go about their day.”