Cyber attack at AZ Monica | How digitally resilient is your organization?
by Gorik Van den Bergh
The recent cyber attack at Antwerp's AZ Monica hospital was a harsh wake-up call. IT systems were preemptively shut down, scheduled care had to be postponed and employees had to revert to paper procedures. Days later, crucial systems remained only marginally available, with a major impact on daily operations. And although this occurred in a hospital, the underlying message is clear: Any organization that relies on digital systems faces similar risks today.
Uncertainty is normal, disruption is not
In cyber incidents, many questions often remain unanswered in the initial phase: exactly how the attack occurred, whether (and what) data was captured and how long recovery will take. This is typical of a thorough technical and organizational analysis in complex IT environments.
What is immediately clear is the impact: downtime of systems, disrupted processes, increased pressure on employees and reputation risks. This applies not only to hospitals, but to any organization where continuity is crucial.
Why more and more organizations are being targeted
Cybercriminals have long since stopped limiting themselves to one sector. Organizations are attractive because they handle valuable and sensitive information, rely heavily on digital processes and have little room for long-term outages.
This is particularly true of hospitals, where highly sensitive medical data is processed and continuity is literally a matter of life and death. But the same dynamics play out in other sectors as well.
Often this does not require a particularly sophisticated attack. A missing security update, unclear responsibilities or one successful phishing email can be enough to seriously disrupt operations.
NIS2 makes resilience a governance issue
With the advent of NIS2, digital resilience becomes explicitly a management and board responsibility . Among other things, NIS2 requires organizations to:
know and document their digital risks;
take appropriate technical and organizational measures ;
be able to detect, manage and report incidents;
demonstrably prepare for continuity and recovery.
In other words, it is no longer enough to "have something of measures". Organizations must be able to demonstrate that risks are controlled and that their approach is effective.
From separate actions to a supported strategy
Incidents like AZ Monica's make it clear that true digital resilience is not created by one tool or one audit. It is an integral process in which you:
identify risks structurally;
Have vulnerabilities independently tested;
Make employees aware and involve them;
measures are not only defined, but also implemented and monitored;
regularly evaluates governance and controls.
In short: cyber resilience is a continuous improvement process. That requires more than IT, it requires leadership. Board and management need reliable insight to make informed decisions about investments, priorities and risk acceptance. Independent evaluation and assessment offer guidance: they make visible what works well, where adjustments are needed and where risks remain.
What Vandelanotte means for you
At Vandelanotte we help organizations to understand, manage and proactively strengthen digital risks. We do so not only through independent audits, but also through pragmatic advice and guidance, always tailored to your sector, structure and risk profile.
This form can only be sent with the use of technical cookies. You can accept these cookies here.
These cookies are used to distinguish people from bots. Certain data, such as your IP address or language preference, can be sent to Google. More information in our cookie policy.
Gorik Van den Bergh
Team Lead IT audit gorik.vandenbergh@vdl.be
Disclaimer
In our opinions, we rely on current legislation, interpretations and legal doctrine. This does not prevent the administration from disputing them or from changing existing interpretations.
News and insights
Read our latest insights and news releases to stay abreast of changes in your industry.
