In January 2022, Alphatron Medical started as a launching customer with NFIR’s Awareness Program. In a conversation with Mark Jan Berben, operations manager of Alphatron Medical, we look back on the experiences with this program.
About Alphatron Medical
Alphatron Medical supplies and develops technical hardware and software solutions to hospitals, taking patient care to the next level. For example, nurses work more safely and efficiently with their mobile healthcare workstations and Alphatron Medical has established a nationwide radiology image exchange network under the Twiin-Portal brand. This saves healthcare millions of DVDs a year and a multitude of courier costs. Alphatron Medical has several divisions, products and services with one common goal: to create flow in the work processes of healthcare professionals.
It also involves medical ICT workstations that can be used to work in the Electronic Patient Record (EHR). They include mobile and fixed portable, ceiling and wall systems with computers for nursing, in operating rooms, in intensive care units and in recovery rooms. There is also an Imaging division, which deals with healthcare content management solutions for all specialty departments, which work with medical images. There is also a department with concepts for cardio-pulmonary diagnostics, ECG and medical self-measurement kiosks.
The equipment and software are medically certified, meaning strict requirements for quality, safety and hygiene. Alphatron Medical’s work also includes consulting, installation and maintenance. Mark Jan Berben explains how that works in practice: “The mobile workstation for nursing is designed and set up in such a way that it allows you to perform all the necessary operations, in all systems. Authorizations for the systems used are built in. With each round of patients, vital signs are measured and medications are dispensed. The smart integration between hardware and software, coupled with the Electronic Patient Record, prevents human error and thus increases patient safety.
Triggered by these information security certifications, we spoke with NFIR about their Awareness Program
Information security certification
Alphatron was already certified via ISO 27001 for information security in general and via NEN 7510 for healthcare information security in particular. “Triggered by these information security certifications, we spoke with NFIR about their Awareness Program,” said Mark Jan Berben. “One of the elements of information security is awareness. Their program is a logical extension of that and another step in the cooperation we already had with NFIR. We previously received training from them and developed a film together. We use the Awareness Program internally for our own employees, but it is certainly the case that they take the lessons learned with them when they are with clients and also in their private situations. Hospitals and healthcare facilities are rightly increasingly critical of who they partner with as suppliers and partners and have invested heavily in security. NFIR’s program shows them how seriously we take information security.
Annual phishing simulations
“In cooperation with NFIR, we hold at least two simulations of phishing every year. We collectively set up an email that is sent widely to our employees and then watch their behavior. NFIR’s ethical hacker does a lot of preliminary research and knows exactly how to set up that mail. There is no wrong or right, because again it is about awareness and consciousness. This works very well. When we started this two years ago, it hit like a bomb. The times after that, our people were already sharper.”
So the need for such an Awareness Program is an ongoing one. Yes, humans are and always will be the weakest link in the whole, but with this program you make employees aware and therefore resilient.
Best practices in cybersecurity
Alphatron of course has other security and cybersecurity measures and procedures in place, such as access – physical and digital – zoning within the building, labeling confidential documents, two-factor authentication, secure clouds, using strong passwords and changing them regularly, logging and backing up systems and so on.
The Awareness Program
Mark Jan Berben is thickly satisfied with NFIR’s Awareness Program. “The program consists of modules and is mandatory for our employees. They receive two new modules on new topics every month throughout the year that they must go through and complete. The biggest eye opener for me was the positive response to the program, throughout the company. We have many different functions and therefore a great diversity of colleagues. With very different knowledge and experience in information security. For example, some colleagues frequently work with hospital Security Officers. They already have a lot of knowledge from their profession. But at Alphatron Medical, for example, we also have a production department with colleagues, who hardly ever come into contact with information security issues in their daily work. And I must say, the enthusiastic response about the program is coming from all departments.”
The program has a dashboard where you can see the modules as well as, for example, the level of participation by department and the scores in percentage per individual employee. As a result of the Awareness Program, Mark Jan Berben sees that the behavior of Alphatron employees has changed. “Yes, I am convinced that awareness of the risks has increased substantially. I also think the threats and risks are constantly changing, of course there is a sort of race between the criminals and hackers and their targets. So the need for such an Awareness Program is an ongoing one. Yes, humans are and always will be the weakest link in the whole, but with this program you make your employees aware and therefore resilient.”
NFIR offers a comprehensive 3-year Awareness Program consisting of e-learning modules, training sessions, phishing simulations and organized activities. NFIR also offers separate security awareness products such as phishing simulations and Incident Response Dry Runs. Are you interested in one or more security awareness solutions and do you also want to increase security awareness in a sustainable way within your organization? Then contact one of our security awareness accountants.
