The COVID-19 pandemic has been a transformative experience for many organizations, and GGD GHOR Nederland is no exception. As the crisis manager for ICT and data security, Erik Jan Koedijk shares his reflections on how the organization navigated through these challenging times, the obstacles they encountered, and the lessons they learned along the way.
A challenging start
In early 2020, GGD GHOR Nederland, like the rest of the Netherlands, was suddenly faced with the unprecedented challenges of the COVID-19 pandemic. The situation was exacerbated by years of budget cuts, which had left the organization underprepared for such a large-scale health crisis. Erik Jan explains, “There had been years of budget cuts to the GGD, which left us underprepared for such a large-scale health crisis. It highlighted the importance of continuous investment in public health infrastructure, even during calmer times. The pandemic underscored how critical it is to have a well-funded and prepared public health system, capable of scaling up in response to emergencies.”
Initial response and key decisions
The organization quickly realized the necessity of establishing a centralized system to manage testing, contact tracing, and eventually, vaccination efforts. This task was monumental, given the decentralized nature of the Netherlands’ public health system, which comprises 25 regional GGDs and GHOR offices, each with its own systems and procedures.
To tackle this, tens of thousands of temporary workers were recruited to assist with various tasks, from administering tests and vaccinations to managing one of the world’s largest call centers at the crisis’s peak. “We had to set up a flexible system,” Erik Jan notes. “This meant that, for example, someone from Rotterdam could easily get vaccinated in Twente. The flexibility was crucial for ensuring accessibility and efficiency across the country.”
The initial steps involved not only setting up infrastructure but also quickly scaling operations. This included the rapid development and deployment of the CoronIT system, a new platform designed to handle the scheduling and registration of vaccinations, which had to be integrated with existing systems on the fly.
Challenges with systems and security
As the crisis unfolded, it brought to light significant challenges, particularly around data security. The systems initially in place were designed for local epidemic control and had to be adapted quickly for a national scale. This rapid expansion and adaptation created vulnerabilities.
Trust was a foundational principle in these systems, built on the assumption that most people in public health roles act in good faith. However, this trust was tested when a small number of temporary employees misused their access to sensitive data. Media reports in 2021 revealed that data theft involving information from potentially millions of individuals had occurred, though subsequent investigations clarified that the actual number affected was around 1,250.
“We immediately conducted a fact-finding investigation to prevent misinformation from spreading,” Erik Jan says. “While we couldn’t stop all the misinformation, we took swift action, including collaborating with police and other regulatory bodies, and implementing stricter security measures.” The breach highlighted the need for robust data security measures and the dangers of assuming that good intentions alone would protect sensitive information.
Adapting and learning
In response to these incidents, GGD GHOR Nederland set up a Security Operations Center (SOC) to monitor unusual activities among staff, such as accessing multiple files in a seemingly random manner. This SOC helps detect and prevent potential data misuse, providing a layer of oversight and security that was previously lacking.
“We had to deal with various forms of fraud and even threats to our employees,” Erik Jan recalls. “From individuals trying to skip the line for vaccines to employees being harassed or even targeted by criminals, it was a complex and challenging environment.” The organization also faced issues like doxing, phishing attacks, and even threats of physical violence against staff members.
The SOC’s role became crucial not only in monitoring for security breaches but also in maintaining trust within the organization and with the public. It acted as a safeguard against both internal and external threats, ensuring that any suspicious behavior was promptly investigated.
Moving forward
Despite the difficulties, the crisis led to a greater awareness of data security within the organization. Employees began to think more proactively about the safety of data in new initiatives. The SOC has become an integral part of this ongoing vigilance, continuously monitoring systems and improving protocols to prevent future breaches.
The pandemic experience has also underscored the importance of having knowledgeable cybersecurity staff who can effectively engage with suppliers and partners. This expertise is crucial for asking the right questions and ensuring that security measures are up to date and effective.
Looking ahead, Erik Jan emphasizes the need for robust cybersecurity measures, including two-factor authentication and restrictions on local data storage. He also highlights the importance of having knowledgeable cybersecurity staff who can effectively engage with suppliers and partners. “Our experience showed us that even in times of crisis, maintaining strong security protocols is essential,” he adds. “We must be vigilant and prepared to adapt to new threats as they arise.”
Future preparedness
To better prepare for future crises, GGD GHOR Nederland advocates for more investment in public health information systems. The pandemic demonstrated the value of data-driven approaches, such as the targeted use of vaccination buses in specific neighborhoods. This initiative, based on detailed local data, helped increase vaccination rates in areas that might otherwise have been underserved.
Erik Jan also stresses the importance of continuous training and awareness for all employees. “One of the key lessons we’ve learned is that security isn’t just a technological issue; it’s also about people. Ensuring that everyone understands the importance of data security and how to recognize potential threats is critical.”
The experience of the pandemic has underscored the importance of continuous improvement and vigilance in public health, cybersecurity, and crisis management. The organization plans to leverage the lessons learned to enhance its systems and protocols, ensuring they are better prepared for any future crises.
As Erik Jan concludes, “Staying informed, working together, and having a clear, consistent message are key to overcoming any crisis. We must continue to build on the knowledge we’ve gained and remain vigilant against new and emerging threats.” This forward-looking approach, combined with a commitment to public health and security, positions GGD GHOR Nederland to face future challenges with resilience and confidence.
For more details, you can view the original article here.
What Cybersecurity.vision offers
For more information on how we can help your organization, visit our services offerings at Cybersecurity.vision.