Privacy & data protection for digitalisation of healthcare

Protection of privacy and data in healthcare

Organisations are evolving rapidly, and technology is changing them constantly. This also applies to healthcare organisations. Some of the challenges the healthcare sector now faces are the shortage of staff on the labour market and the provision of optimal care across the entire chain. Are your patient data well protected, and is their exchange secure? Are you already future-proof? We partner with healthcare organisations to address the challenges posed by digitalisation. Our starting point is that we help to provide better quality healthcare at a lower cost to society.

Examples of how PwC is helping clients

Digital transformation in healthcare starts with digital integrity

Good healthcare in a digital age means that IT systems are in order and reliable and that patient data can be exchanged in a sound and reliable manner. The digital transformation of many healthcare institutions is stalling because the security of data and healthcare systems cannot be sufficiently guaranteed and there is a lot of uncertainty about the (legal) conditions under which data may be shared. Medical data must be collected, secured and shared in a (standardised) manner that is in line with the duty of care of care providers and meets the statutory requirements pursuant to the GDPR and care-specific legislation such as the WGBO. If this is not the case, the care organisation does not act in accordance with the law and/or a data risk arises for the care environment.

As security specialists, we map the security risks of technologies already in use and of new technologies. We help you design ‘good practices’ for your entire IT landscape, including data, infrastructure and applications. Our lawyers are familiar with the relevant laws, regulations and standards in the field of privacy, health law and data protection. We keep compliance manageable with AI and Machine Learning. In this way we help you with your digital transformation and your digital integrity.

The human firewall works best

In healthcare, human-centric security provides the best protection against digital threats. Even the most advanced technological security facilities fall short if your employees are not alert to (digital) threats. Therefore, the security gene in your organisational DNA must be nurtured and shared.

We train your employees to recognize security threats and to integrate "safe practices" into daily routines. Social Engineering experiments increase awareness of risks among employees. We organise crisis leadership simulations and awareness training for managers. We make behavioral changes measurable with our specially developed metrics.

Be prepared for that inevitable cyber incident

Society is increasingly dependent on technology, which considerably increases the risk of cyber incidents. Your healthcare organisation must be prepared to respond quickly, efficiently and appropriately to a cyber incident or the leakage of sensitive information. Together with your organisation, we answer the question of how to act in the event of a cyber incident. Being prepared for an incident helps your organisation to respond faster and better when an incident occurs. This limits the financial damage and ensures that you can return to the normal situation faster.

We help you to be prepared for a cyber incident. This can be done by practicing your Incident Response procedures or simulating a cyber attack. However, should things go wrong, we are available 24/7 to help you in the event of a cyber incident. Our forensic experts help you gather and secure the necessary evidence in a legally valid manner. We have years of experience in preparing organisations and investigating cyber incidents. This makes it possible to help before it is too late.

Emerge stronger from a healthcare crisis

In healthcare too, it is an illusion to think that your organisation is fully prepared for a crisis. There are too many emergencies that you cannot prepare for. Good crisis management helps executives to take the right measures at the right time and not to deviate from their course. And by learning from your response to this crisis, you are better prepared for the next one.

We train managers on the basis of tailor-made crisis simulations to be able to execute under pressure what the crisis plan prescribes. We develop crisis exercise scenarios for all management layers and update your recovery plans.

Your digital identity needs a gatekeeper

Healthcare institutions work with complex networks and sensitive data. Without careful procedures for establishing the identity and access rights of everyone who wants access, and without intelligent, risk-based access management, your healthcare organisation cannot safely participate in the data traffic, certainly not now that the privacy rules have been tightened on this point. A professional Identity & Access Management (IAM) system is the reliable gatekeeper for your business-critical and privacy-sensitive information.

Our IAM experts ensure that the right people have access to the right information sources for the right reasons, and that this can be easily reported to various stakeholders. Applied correctly, IAM increases operational efficiency, reduces costs and simplifies the accountability cycle.

In the cloud with embedded data protection

If you place your healthcare applications in the cloud, the security provisions shift. In addition to being faced with new issues regarding the integration of your cloud environment with your own on-premise environment, you also get new management procedures, configurations and management systems specific to the cloud. If you also actively develop software yourself, you must take security and privacy by design into account. Information security and compliance requirements are then built in from the design phase onwards. They are automatically carried into subsequent development cycles as much as possible and make it possible to anticipate changes in the risk profile of your care environment (DevSecOps) at an early stage.

As cloud engineers, we work together with security and governance experts to design end-to-end solutions. We help install a platform to identify cyber risks in your developed software and link this to impact on your business.

If desired, we support you with assessment and certification, and we coach and train users and management.

Prevention is still better than cure

Now that cyber breaches are no longer just incidents, prevention is becoming increasingly important. This applies in particular to healthcare organisations, where the continuity and safety of the healthcare process is paramount. With Security Monitoring you proactively detect threats and risks in your digital environment and measure the effectiveness of security and compliance measures taken. It is therefore an indispensable link in your legally required Incident Response strategy.

We help you tailor your security strategy to the continuity requirements of your organisation. We do this by implementing an Information Security Management System and conducting business impact analyses. We support the design, implementation, technical support, certification process and user training. We proactively assist your Chief Information Security Officer and provide a second opinion during application audits.

OT systems are the weak spot of your security network

In healthcare too, the security of operational technologies (such as MRI scanners, pulverisers and pacemakers) is an underestimated problem. Devices and machines communicate with each other and with systems and platforms. The OT and IT worlds are increasingly merging, but the integration seldom runs smoothly. Most OT systems used by healthcare institutions are designed for use in an isolated environment, and if they are not properly and securely integrated into IT networks, the systems can be vulnerable to hackers. The legislator also requires additional measures: the Network and Information Systems Security Act (Wbni) obliges your organisation to make OT systems cyber-safe.

We help you improve the security of your OT environment. After a quick scan, we prepare a threat and maturity analysis and make recommendations to improve your security. We include the results in an OT Security Strategy. Furthermore, we can also guide you in transformation processes necessary to improve the security in your OT environment.

Unburden your cybersecurity teams

For optimal cyber security in healthcare, it is necessary to relieve the often overloaded and understaffed security teams as much as possible. This is possible if they have the most modern means to preventively spot cyber threats and filter clues from critical systems. Setting up a Security Operations Center (SOC) helps to centrally monitor and manage all threats in the IT landscape.

We can rely on experience with Incident Response activities that we carry out in 40 countries. We take this knowledge into account when setting up a SOC. We ensure that all security measures are coordinated automatically from there. In addition, Managed Detection & Response (MDR) provides visibility of what is happening on all endpoints, and through prevention, detection, response and threat hunting we can respond in real time to new threats. This extra layer of security fully integrates with the existing cyber security components to make optimal use of the available information, so that better protection can be provided against cyber attacks.

A framework for safe healthcare data

Guaranteeing the security of personal data is an important, if not the most important, asset of data-rich healthcare institutions. Cure and care organisations must be able to comply with the stricter privacy rules that apply when managing and exchanging medical data, and must be able to demonstrate that the organisation acts in accordance with the other national and international medical laws, codes of conduct and standards. A data framework is an indispensable support in this.

We help you set up an organisation, framework, processes, procedures and technology for collecting, managing, enriching, securing and exchanging data. We analyse process standards and best practices, advise on the legal obligations and consequences of sector-specific privacy and health legislation in the EU and beyond, and introduce analysis techniques and tools. We train your management and employees in awareness and, for example, in the role of Data Protection Officer.

Test your resilience against cyber security threats

In order to keep pace with the high development speed of cyber security threats in your healthcare environment, the security measures taken must be continuously tested for their resilience to new threats. Attack scenarios should be simulated to optimise your resilience. Our ethical hackers can reveal unseen risks and our cyber defense specialists can help you optimise your preventive and detective control measures. In combination with adequate Threat & Vulnerability Management, you ensure that all vulnerabilities are exposed in a structured manner and that security tests are in line with the practice of today and tomorrow.

Our specialists perform custom simulations to optimise your defence. Under supervision, our specialists penetrate your networks and try to keep their attack hidden for as long as possible. We report the results of these so-called red teaming tests back to your organisation and can help to optimise your detection and response options cost-effectively.

Contact us

Willeke Bakker

Partner, PwC Netherlands

Tel: +31 (0)61 089 31 82