Zuyderland x Awareways
Zuyderland Medical Center raises information security: a multi-year plan with employee engagement as the key factor


About the company
Zuyderland Medical Center consists of approximately 11,000 employees in hospitals, healthcare centers, rehabilitation, youth healthcare, hospices, home care, and domestic assistance in Limburg (NL).
Zuyderland was formed from the Atrium Medical Center Parkstad and Orbis Medical and Healthcare Concern Sittard-Geleen. These healthcare institutions merged on January 1, 2015.

The need
In an era where protecting information is becoming increasingly important, Zuyderland Hospital has made a significant effort over the past three years to strengthen its information security.
The hospital, which plays a crucial role in the healthcare of South Limburg, has focused not only on technological improvements but especially on engaging all 11,000 employees in the security process.

The solution
For Zuyderland, Awareways developed the communication campaign "Caring for our digital information is of vital importance." The campaign connected with employees by linking information security to Zuyderland's core mission, signaling its shared importance, distinguishing it from the physical domain, and conveying a clear sense of urgency.
In addition to this campaign, Zuyderland combines Wave training designed specifically for healthcare with phishing simulations.

The imperative: it's not just about certification
The awareness campaign that Zuyderland started three years ago in collaboration with security awareness organization Awareways was born from both external requirements and internal motivation. While NEN7510 certification was a significant driver, it was also clear that the organization wanted to raise its maturity level in information security.
“We noticed that awareness of cyber threats like ransomware and phishing was insufficient within the organization,” says Information Security Officer Maroche Delnoy, who is responsible for the security awareness approach. “The fact that healthcare staff are less familiar with digital risks than employees who work at a computer daily was a reason for us to take structured action.”

Technological innovations to enable safe work
In addition to raising awareness, Zuyderland has also invested in technological solutions to better facilitate secure work for employees. Staff are encouraged to use a password vault and to further secure their accounts with two-factor authentication (2FA). Furthermore, a tool is used for secure email traffic to prevent sensitive data from falling into the wrong hands. While these measures make it easier for employees to work safely, the real challenge lies in changing attitudes and working methods.

Employee engagement: the key to success
What sets Zuyderland apart is its focus on employee engagement. “Information security is often seen as an IT party,” says Maroche. “But it affects all parts of the organization, and we have to keep emphasizing that.” This realization led to a broad awareness campaign centered on training and phishing simulations. The training focuses on topics such as phishing, password management, and handling patient data securely. The progress is monitored and discussed with department heads through reports from Awareways, such as click rates from phishing simulations.
A remarkable result is the cultural change within the hospital. Where information security was previously seen as the responsibility of the IT department, it's now more broadly supported throughout the organization. “It's great to see that department heads are now having conversations with employees themselves about working safely, for example, if someone doesn't lock their screen,” says Maroche. Furthermore, the cultural change is visible in the drop in the click-through rate for phishing simulations, which has been reduced from 25 percent to 14 percent.

The path to a digital duty of care
Information security has become an extension of the duty of care that Zuyderland bears. While the hospital has always ensured that patients can physically leave the hospital safely, a "digital duty of care" has now also emerged. This means that the protection of digital patient data is just as important as physical care. “We are seeing that employees are understanding this better and better, and that it is becoming more and more a part of their daily work,” says Maroche.

Conclusion
With their approach, Zuyderland Medical Center demonstrates that effective information security goes beyond just technology. By actively involving employees, creating a culture of responsibility, and continuously investing in both training and technology, the hospital has laid a solid foundation for protecting client data in the future. This program serves as an example for other healthcare institutions that want to improve their information security and view their employees as allies in the process.