Because of the corona crisis, healthcare organizations are exchanging much more medical data, so safe and reliable data exchange has become more important. Enovation’s products and services can make a major contribution to this.
Enovation Group is an international organization with its headquarters in Capelle aan den IJssel. Enovation has been linking information systems and (medical) devices for more than 35 years. Enovation also ensures safe exchange of medical data in healthcare, for example through Secure Email. Enovation is the connecting factor between people, systems and organizations. Every day, more than 24,000 care organizations have access to correct data by using their products and services. Safety and transparency are paramount at Enovation. They also attach great importance to information security principles.
How does the corona crisis affect Enovation’s internal and external operations and what can we learn from them in this crisis?
Indra van Alphen will discuss this with Bianca Brooijmans and Dré Lameir.
Dré is Chief Information Security Officer of the Enovation Group. He has been interested in information security for years, both from a privacy and a technical point of view. He thinks it is important to have access to your own data and to have control over your own rights. “Information technology provides the perfect means to violate your self-determination, very quickly and to a great extent without you even noticing. This has always had my interest and with Bianca I have found my like-minded soul. We therefore both believe that the concept of privacy cannot be guaranteed without information security, ”says Dré.
Dré has been working intensively with Bianca Brooijmans, Data Protection Officer of Enovation Group for more than 7 years. Bianca fully underlines the connection that Dré sketches and, as a DPO, she is also interested in the broad aspect of Information Security and Privacy. “Because in the“ new ”regulation, information security, privacy, technology and contractual obligations come together more than ever before, for me it is not privacy or information security but the intersection which makes the whole of data protection stronger, especially in IT solutions like ours. In addition to an interesting and dynamic work field, as a nice side effect within Enovation, it has resulted in a very pleasant and successful collaboration with our CISO!
How does the corona crisis affect the products and services you provide?
Dré: “In essence, we always stand for safe and seamless communication (in healthcare). So for us this is business as usual. There are exceptional cases where customers ask for something extra from us, and if we can help them, we will be happy to do so. The request for help [such as increased communication in the case of corona] is not answered by us with new solutions, but to a great extent fits seamlessly with what we have always done. ”
Bianca adds: “We can answer the questions that hospitals currently have, for example, with our existing services and provide an operational solution in the very short term.” Despite the crisis, the situation at Enovation has remained unchanged. If they had leaked patient data or delivered it to the wrong party 30 years ago, Enovation would of course already have a problem. Since the advent of the General Data Protection Regulation, this is now referred to as a data breach and there is often a lot of media attention for this.
Basically, Enovation’s services have not changed. However, they have of course continued with new technologies and information security measures. There are more requirements when it comes to safeguarding security and privacy, but basically the idea of how to handle privacy-sensitive data is no different from 30 years ago. “It has been in our DNA for many years.”
“It is also not the case that we suddenly think: there are so many more IC recordings or there is suddenly a large lab flow with tests, which we must now treat differently. That is also business as usual for us, because if you go to an STI clinic tomorrow and have a test there, you don’t want people to be able to read without permission or without your knowledge, ”says Bianca.
Finally, Bianca states: “We have not jumped into the hole to build a corona app. We are not necessarily an app builder and there are many questions in the background, regarding privacy, ethics and feasibility. We did say that if it is decided that such an app will be introduced, with all the appropriate and necessary guarantees, we will have the appropriate services to provide the secure communication channel needed for that.”
At the moment, Enovation employees mainly work from home. What do you think the risks are in the field of information security and how do you safeguard that?
“Are we going to shout Zoom very loudly now?” Dré wonders. “You were just ahead of me,” adds Bianca. Zoom has been discredited due to privacy and security issues. Enovation already did not work with Zoom commercially and Dré says that Enovation has prohibited to work with Zoom on and via company resources. They worked out Zoom’s vulnerabilities and communicated them transparently to their colleagues. They also technically blocked this. “That might be something that we wouldn’t have addressed so prominently otherwise, but would only pass on through a message,” says Bianca. Currently Enovation works commercially through Teams. They will continue to look for alternatives and additions, also because they can provide employees with advice. Because everyone now plays sports and hobbies at home, it is nice to be able to advise their colleagues about this.
“Just by coincidence, we were talking about a company-wide continuity test just before mandatory home working was announced. We discussed: if we do a big exercise, where we say “boys, there is now a (virtual) crisis and from tomorrow everyone has to work from home, what then?”. We were preparing that and then Mark Rutte took our idea and said on national TV that everyone had to work at home. That was quite a coincidence” say Bianca and Dré enthusiastically. In one fell swoop, having a very international company working at home is a bit exciting, but they do not find it painful. Due to its international character and the various branches at home and abroad, Enovation has always been well prepared for remote cooperation. Driven in part by the quality and information security concept (demonstrably made in ISO certifications, among other things), but also from their business philosophy, they were already ready to work at home on a large scale with many facilities available. For example, there is a VPN connection and almost everyone has a laptop. Of course there are also various standard practices. The laptops are encrypted and boarded up in such a way that you cannot install anything on it yourself. All their applications that they use in the office also work with two-factor authentication.
Personally, Bianca does not think that “risk thinking” within Enovation has suddenly increased. “What you do see now is that corona-related messages are generally a good way to address issues now. Because everyone now uses the word “corona”, people are quite quick or more inclined to click or download something” says Bianca. Dré adds: “Phishing becomes more attractive due to the urgency of the situation. If you are conditioned by the media coverage, you are more likely to click on an email. It is important to keep people alert to it”.
Immediately in the first week, after everyone worked at home, they held a major phishing campaign. This was already planned. “We have thought about whether we should continue or not. We actually said two of us, you know, it’s no different than if everyone were in the office. Consciousness must be the same, whether or not higher. So we just let the promotion continue” said Bianca.
Even for the corona crisis, everything is business as usual at Enovation. It is most important to be a safe and reliable communication channel at all times. The organization also works well from home. They have their technical facilities in order and pay a lot of attention to awareness among their employees. What we, as a reader, can learn from Enovation is to maintain knowledge and alertness in the area of privacy and security, and not let it get lost or give it less priority. Human action poses the greatest cyber risks. “Consciousness should always be the same, namely “high”,” said Bianca Brooijmans and Dré Lameir.
Visit the website for more information about information security & privacy.
Source: Digital World (May 18, 2020). Interview with Bianca Brooijmans and Dré Lameir from Enovation. Consulted from https://digitalewereld.webflow.io/blog/interview-met-bianca-brooijmans-en-dre-lameir-van-enovation.