NIS2 in de zorg
25/03/2025

NIS2 compliance in healthcare: is your organization ready?

Cyberattacks in healthcare are on the rise, and NIS2 introduces stricter cybersecurity requirements. How can hospitals and healthcare providers prepare while ensuring compliance with this new directive?

 

The healthcare sector is increasingly targeted by cyberattacks. In 2024, Belgian healthcare organizations faced an average of 2,668 attacks per week. From ransomware incidents at hospitals to data breaches in medical records, the impact on patient safety and business continuity is severe.

 

In 2022, for example, hospitals within the Belgian healthcare group Vivalia were forced to cancel thousands of consultations due to a ransomware attack. And in 2024, the ransomware group Killsec published 50,000 stolen documents containing sensitive medical information of Belgian patients online.

 

With the introduction of the NIS2 Directive, healthcare providers and hospitals must significantly tighten their cybersecurity policies. But what does this really mean for the sector? And how can organizations prepare for this new regulation? In this blog, we take a closer look at the impact of NIS2 and provide a practical roadmap toward compliance.

 

NIS2 in healthcare: what's the impact?

 

The NIS2 Directive has been in force in Belgium since 18 October 2024. For healthcare organizations, this means:

 

  • Expanded scope: Hospitals, laboratories, and other healthcare providers now explicitly fall under the new rules.

  • CEO accountability: Management can be held personally liable in cases of negligence.

  • Mandatory reporting: Cyber incidents must be reported to the competent authorities within 24 hours.

  • Severe penalties for non-compliance: Healthcare organizations risk heavy fines if adequate measures are not in place.

  • Inspections and audits: National authorities will monitor compliance with cybersecurity obligations.

What does that mean in practice? Healthcare institutions must develop an active cybersecurity policy, with a focus on business continuity and risk management.

 

Cybersecurity challenges in healthcare 

 

Healthcare, and hospitals in particular, are becoming increasingly attractive targets for cybercriminals. Sensitive patient data is therefore a lucrative business for hackers who can sell this information on the dark web or use it for extortion.

 

Unfortunately, hospitals are vulnerable. Cybersecurity investments are not always sufficient, as limited budgets are primarily allocated to direct patient care, medical equipment, and staff. Digital security is thus treated as a "second priority," at least until an incident occurs.

 

These are the biggest cybersecurity pain points in healthcare:

 

  • Vulnerable IT infrastructure: Many hospitals operate with outdated IT systems that are not designed for modern cybersecurity threats. This increases the risk of data breaches and cyberattacks.
  • Staff as the weak link: Phishing and social engineering remain among the biggest threats. Employees unknowingly click on malicious links, which can lead to large-scale data breaches. Complexity of vendors and applications: Healthcare institutions work with various third-party vendors, such as EHR (Electronic Patient Record) and PACS (Picture Archiving and Communication System) vendors. Without clear security guidelines, these systems can become a gateway for cybercriminals.
  • Inadequate network security: Traditional perimeter security is no longer sufficient. Zero Trust Security is the new standard: every access to sensitive data must be continuously validated.

NIS2 in Healthcare: A Step-by-Step Guide to Compliance

 

To comply with NIS2, healthcare institutions should adopt a structured approach. This step-by-step plan will help organizations set the right priorities and get their cybersecurity policies in order on time.

Step 1: Identify your Crown Jewels

  • Which systems and data are the most critical? And what are the greatest risks?
  • Consider patient data, medical devices, and cloud services.
  • Use a Security Score Assessment to determine your current security status.

Step 2: Protect your organization with a strong security framework

  • Use recognized cybersecurity frameworks such as NIST, ISO27001, or the Belgian CyFun model.
  • Implement MFA (Multi-Factor Authentication), network segmentation, and strong password management procedures.

Step 3: Proactively detect threats

  • Use Security Information and Event Management (SIEM) to detect attacks early.
  • Perform regular penetration tests and a Cyber ​​Threat Assessment.
  • Strengthen your defenses with Identity & Access Management (IAM).
  • Identify hackers faster using honeypots (cybersecurity decoys).

Step 4: Train your employees

  • Organize cybersecurity awareness training to minimize human error.
  • Simulate phishing attacks to raise employee awareness of threats.
  • Develop a realistic Business Continuity Plan and test it annually.

Step 5: Track your suppliers and applications

  • Use a CMDB (Configuration Management Database) to map and track all your assets.
  • Evaluate your key third parties annually.
  • Lifecycle management and tracking CVEs (Common Vulnerabilities and Exposures) are essential to keeping your environment safe and sound.
  • Implement and validate strict security requirements for cloud and SaaS solution providers.

Cybersecurity: a continuous process

 

NIS2 isn't an IT problem, but an organization-wide security issue. Hospitals and healthcare institutions must take action now to become compliant. The key to success? Viewing security as a continuous process and collaborating with the right partners.

 

Want to know how your organization is doing? Have a security assessment performed and start your NIS2 strategy today.

 

Want to learn more about NIS2 and cybersecurity in healthcare? Contact an AXI expert and ensure your organization is ready for the future. 

 

 

Ontdek meer

Security Operations Center (SOC)
Blog

Why a SOC is key to NIS2 compliance and business continuity

NIS2 requires more than prevention. Discover why a SOC is the missing link for true digital resilience, and how you can get started with it in an accessible way.

fui oil
Case

Fuji Oil Europe digitizes business processes: from paper to Power Platform

Thanks to AXI, Fuji Oil Europe has transitioned from paper chaos to digital efficiency. With Power Apps, they are optimizing dozens of processes, saving time, and creating a flexible, transparent workflow.

Teamtel
News

AXI strengthens its SME market position with the acquisition of Teamtel (Zaventem, Belgium)

AXI is strengthening its expertise in data and AI with the acquisition of OQuila, a Ghent-based specialist in Microsoft technology. Together, they are building smart data solutions for medium-sized and large organizations.

cloudmigratie
Blog

Which cloud migration strategy is right for your legacy applications?

Cloud migration is not a one-size-fits-all story. For legacy applications, the options range from lift & shift to rebuilding in the cloud, each with its own advantages, risks, and technical requirements.

cfo
Blog

Predicting and budgeting cloud costs: control every euro with FinOps

The cloud offers unprecedented freedom and scalability, but also the risk of unpredictable costs. Traditional budgeting falls short. With FinOps, you regain control over every euro without slowing down innovation.

Prompting
Blog

“Copilot Does Nothing.” Or Are You Asking the Wrong Questions?

Many people find Copilot disappointing, but more often than not, the issue is poor prompts. In this blog, you’ll discover how to actually make Copilot work for you, with clear examples and practical tips.

SASE
Blog

SASE: How modern companies protect their digital environment

SASE transforms network security: discover how this integrated cloud solution protects your digital environment, regardless of where your employees work.

onboarding
Blog

From Chaos to Control: How to Streamline Onboarding with One Smart App

Onboarding doesn’t have to be chaotic. Discover how a single smart app, built with Microsoft Power Platform, brings structure, clarity, and a warm welcome to every new employee.

Goed Hulpmiddelen
Case

GOED secures IT continuity with AXI as a strategic partner.

For over 15 years, healthcare retailer GOED has relied on AXI for IT consultancy, infrastructure, and support, keeping its IT environment high-performing, secure, and future-ready.

Copilot-header-AXI
Blog

How to make your organization Copilot-ready?

Thinking about integrating Microsoft Copilot into your M365 environment? Get your organization ready with three crucial steps before you start working with this smart AI assistant.

OQuila
News

AXI strengthens its offering in data, AI and modern applications with Ghent-based OQuila

AXI is strengthening its expertise in data and AI with the acquisition of OQuila, a Ghent-based specialist in Microsoft technology. Together, they are building smart data solutions for medium-sized and large organizations.

NIS2 in de zorg
Blog

NIS2 compliance in healthcare: is your organization ready?

Cybersecurity is a constant threat to hospitals: the NIS2 directive forces healthcare institutions to take drastic measures for digital security and protection of patient data.

microsoft teams governance
Blog

How to keep access to your Microsoft team sites 100% under control with smart governance

Without proper management, Microsoft Teams usage can quickly spiral out of control. With AXI's Teams Governance app, you can prevent sprawl and uncontrolled access.

inactieve gebruikers
Blog

Time for a Cleanup? How Inactive Accounts Undermine Your IT Security

10% to 30% of Microsoft 365 licenses often remain unused. This is not only expensive but also risky. Proactive insight into users and devices helps prevent unnecessary expenditures.

AXI365 Proactive Care
Blog

Why security baselines are not enough for a secure Microsoft 365 environment

For a secure Microsoft 365 environment, it's best to look beyond Microsoft's standard recommendations – the security baselines. This requires a continuous and proactive approach.

AI trends 2025
Blog

5 Ways AI Will Shape Your Digital Workplace in 2025

What will 2025 bring for our digital workplace? How important will AI become, and how will your workplace benefit from it in practice? Digital Workplace specialist Carlo Usala highlights five trends.

AXI en 2Serve
Blog

2Serve ICT joins AXI

2Serve ICT is now part of AXI, under the banner of ITP Group, our SME division. This acquisition strengthens our offering and allows us to support our customers even better.

A&M - Familiehulp
Case

Familiehulp: Smartphone-as-a-Service

Familiehulp digitized processes with Proximus and A&M through a "Smartphones as a Service" solution, resulting in more efficient care, improved communication, and secure IT support for 9,000 employees.

Bart Verhelst en Paul Peeters
News

Bart Verhelst succeeds Paul Peeters as CEO of AXI

Effective January 1, 2025, we welcome Bart Verhelst as our new CEO. He will take over from Paul Peeters, who will become chairman of our board of directors after 17 years in this role. Bart will take the helm of our ambitious and fast-growing IT services company starting in the new year.

Security in Microsoft Copilot
Blog

Sensitive data? Here's how to work securely with Microsoft Copilot.

Microsoft 365 Copilot offers unprecedented opportunities for saving time and boosting productivity. But how secure is Copilot, really? What does Microsoft's AI assistant do with your data, and how can you avoid potential security risks?

NIS2
Blog

How Microsoft 365 Prepares Your Organization for NIS2

If your organization uses Microsoft 365 and you’re wondering how to comply with NIS2, we’ve got good news. Thanks to the built-in security features of Microsoft 365, you’re already well on your way to achieving NIS2 compliance.

Syntory
News

Netleaf and Core ICT join AXI

AXI heeft de Syntory Group overgenomen, ontstaan uit de fusie van cybersecurity-specialist Netleaf en IT-infrastructuur-expert Core ICT. Met deze overname speelt AXI in op de groeiende vraag naar robuuste, schaalbare, en betrouwbare IT-oplossingen.

A&M
News

AXI and A&M strengthen each other with IT integration and telecom services

AXI acquires telecom service provider A&M. With this strategic move, AXI strengthens its role as an IT integrator and expands its portfolio with specialized telecom services. A&M is the top B2B telecom partner for large organizations in Belgium, working exclusively with Proximus.

Spikes
News

AXI expands Microsoft Cloud expertise with acquisition of Spikes

AXI has acquired Spikes. Within the group, Spikes will serve as the best-in-platform Microsoft Cloud competence center, offering a portfolio that strongly complements AXI’s existing services. As an added strength, Spikes brings the expertise to help customers integrate the latest Microsoft Cloud technologies, including data and (gen) AI, into their business processes.

Spikes - Zorgbedrijf
Case

Zorgbedrijf Antwerpen: innovation with impact

Spikes supports Zorgbedrijf Antwerpen in its digital transformation, using innovation to enhance the experiences of both patients and employees.

Groepsfoto AXI2AXI run
News

AXI colleagues walk, cycle and hike for the good cause Ferm'Eline

With heartwarming pride, we look back on the 9th edition of the AXI2AXI Run, which took place on Sunday, June 2nd. A well-established event in our organization, 67 dedicated AXI colleagues braved a challenging relay by running, walking, or cycling. Together they raised an astonishing €13,172.88 for the charity Ferm’Eline.

AXI Group neemt Datalink over
News

AXI Group acquires Datalink, based in Diepenbeek

AXI Group has acquired Datalink, an IT specialist based in Diepenbeek. With this acquisition, AXI Group expands its market share in the Belgian IT sector and, with a comprehensive portfolio of IT solutions, can even better support organizations in their digital transformation.

Sophos Central Endpoint and Server Partner 2022
News

AXI is Sophos Gold & Sophos Central Endpoint and Server Partner

Thanks to our extensive Sophos product knowledge, AXI consultants can provide you with the best support in rolling out user-friendly and future-proof endpoint and network security.

AXI customer case - Maaltijdapplicatie bij AZ Rivierenland
Case

How do you order your meal at work today?

At AZ Rivierenland, a merger of three hospitals in Antwerp, they implemented a meal planning application developed in M365, in addition to a brand-new centralized digital workspace. Curious how AXI set this up with them?

AXI customer case AZ Rivierenland DLP M365
Case

AZ Rivierenland protects patient data with Data Loss Prevention policies

At AZ Rivierenland, GDPR compliance and data governance are top priorities. As the hospital works with patients’ personal data, safeguarding that information is essential. To achieve this, it implemented Data Loss Prevention (DLP) policies within its M365 platform.

GoldPartnerAward-Dell-AXI
News

AXI wins Dell Technologies 'Gold Partner Award 2023'

AXI was nominated for Gold Partner of the Year and Business Development Partner of the Year at the Dell Technologies Partner Awards. Today, we're proud to announce that we've also won the 'Gold Partner of the Year' award.

AXI Digital neemt InterIT en ITP Group over
News

AXI acquires InterIT and ITP Group

AXI has acquired InterIT and ITP Group, two IT services companies. These acquisitions allow AXI to offer an even broader range of IT services and better support its customers with their digital transformation.

AXI geselecteerd voor VITO ICT Infrastructuur 2023 raamcontract
News

AXI selected within the VITO ICT Infrastructure 2023 framework contract

VITO (the Flemish Institute for Technological Research) has awarded 4 of the 5 lots in the government tender to AXI. The Belgian public sector can rely on AXI's solutions, expertise, and support for the purchase, rental, or leasing of IT infrastructure and services.

AXI persbericht 2023
News

AXI Group takes new strategic step to realize growth ambitions

In recent years, AXI has grown significantly, mainly through organic growth. Since Strada Partners came on board, AXI has made key acquisitions including Tilroy, InterIT, and ITP Group. The new streamlined group structure is the next logical step in AXI’s growth ambitions.

AXI Welcome Days 2023
News

The AXI Talent Program 2023 welcomes starters in style

The AXI Talent Program, designed to give new starters a warm welcome and quickly integrate them into the AXI family, welcomed 13 enthusiastic starters this year. They took their first steps at AXI, and they did so in style.

Een veilig en performant wireless bedrijfsnetwerk voor Wit-Gele-Kruis Limburg
Case

A secure and high-performance wireless business network for Wit-Gele-Kruis Limburg

AXI implemented a new Wi-Fi corporate network infrastructure with Aruba Wireless Access Points for the non-profit organization Wit-Gele-Kruis Limburg.

Solutions Partner for Digital & App Innovation
News

AXI Digital Transformation receives its second Microsoft designation

Hot off the press, AXI has achieved its second Microsoft Designation badge and is now also a Solutions Partner for Digital & App innovation.

AZ Rivierenland - AXI - customercase
Case

AZ Rivierenland accelerates digital transformation thanks to the M365 platform

AZ Rivierenland, a merger of three hospitals in Antwerp, faces the challenge of optimizing collaboration between its branches through a central digital workplace.

Jessa ziekenhuis - AXI image
Case

Jessa Hospital optimizes digital workplace with the M365 platform

In 2020, Jessa Hospital, the second-largest hospital in Limburg, began rolling out the M365 platform so that employees can work efficiently and focus on what's essential – care – via a centralized digital workplace.

AXI Customer Case AZ Sint-Blasius
Case

Worry-free switch to Microsoft Exchange Online for AZ Sint-Blasius

Together with AXI, AZ Sint-Blasius migrated 1,500 employee mailboxes from Microsoft Exchange on-premises to Exchange Online. By choosing the cloud, the hospital optimized its digital operations and security.

AXI & Strada 2022
News

AXI strengthens growth ambitions with new investor Strada Partners

AXI welcomes Strada Partners as its new majority shareholder. Strada Partners takes over from Indufin and is committed to driving growth in AXI’s software products and cloud services.

Tabor AXI Customer Case
Case

Taborgroep employees collaborate smarter thanks to migration to M365

AXI migrated Taborgroep’s on-premises SharePoint environment to the cloud-based M365 platform, enabling 3,000 users to communicate and collaborate more efficiently and securely. AXI also supported staff training to quickly get employees up to speed with MS Teams and SharePoint.

AXI referentie MC Sint-Jozef
Case

Medisch Centrum St.-Jozef enjoys a high-performance and secure wireless network

Today, patients, residents, visitors, and healthcare staff expect reliable mobile coverage. That’s why the campuses of Medisch Centrum St.-Jozef were equipped with a secure, high-performance Aruba Networks infrastructure. To better control access, the hospital uses Aruba ClearPass, the network access control solution.