Red teaming in healthcare
simulate attacks

ZORRO stands for "CARE Red Teaming Resilience Exercises" and is a Red teaming exercise especially for healthcare

  • Red Teamin aanval

    Stage a real attack

    We attack your organisation, while you try to defend & mitigate.

  • Evalueer mogelijkheden

    Measure capabilities

    Evaluate your detection & response capabilities.

  • Vergroot veerkracht door Red Teaming Test

    Increase resilience

    Learn from a specific scenario to minimize real damage from a real attack.

  • Investeer obv Red Teaming Test

    Invest strategically

    Ground your security investments in evidence and real numbers.

Our team

We stage a planned (cyber) attack on your organisation while recording every step.


Your team

You try to detect & mitigate the incoming attack.



Z-CERT has developed a framework for red teaming in healthcare together with the institutions of the Dutch healthcare sector. This framework is called ZORRO, which stands for “ZOrg Redteaming Resilience Exercises” and is based on the TIBER-NL program used in the financial sector.

With the ZORRO framework, we carry out red teaming in which we test the organization against realistic threats in healthcare. Here we use Tactics, Techniques and Procedures (TTPs) of cyber criminals who are active in the healthcare sector.



Z-CERT is an abbreviation of Computer Emergency Response Team for the healthcare sector. In other words: Z-CERT employs cybersecurity experts who help to keep healthcare institutions digitally safe. Every day, Z-CERT's first-line security specialists scan various sources for threats to the healthcare sector. The healthcare organizations themselves are responsible for the security of their digital systems, but if things go wrong Z-CERT can come to the rescue. For this reason, Z-CERT is also referred to as the 'digital fire brigade of the healthcare sector'.

(source: https://www.z-cert.nl/over-ons/)

First ZORRO test

In 2021, the Antoni van Leeuwenhoek Hospital (AVL) was the first party in the Netherlands to carry out a ZORRO test. The ZORRO test went very well, with AVL, Z-CERT and Securify working closely together to safely carry out a realistic attack.

Request a quote

What makes us unique

We have deep health expertise

Our team of experienced cyber experts has extensive knowledge in healthcare. We understand the specific challenges and regulatory requirements facing hospitals, enabling us to deliver targeted and effective ZORRO testing.

Comprehensive security reviews

The ZORRO test goes beyond traditional penetration testing. We simulate real world attacks, combining both technical and social engineering techniques to identify vulnerabilities in your systems, processes and human factors. By holistically testing your organization's defenses, we provide a comprehensive view of your security posture.

Protection of patient data

Patient privacy and the security of healthcare systems are of paramount importance. Our Red Teamings focus on identifying potential vulnerabilities that could expose patient data or compromise critical infrastructure. By simulating advanced attacks, we help you strengthen your defenses.

Real-World Threat Simulation

Our red team operators mimic the tactics, techniques and procedures (TTPs) of real-world threat actors. By emulating their methodologies, we help you understand the potential risks your organization may face and identify security gaps. This proactive approach ensures that you can stay one step ahead of your opponents.

Useful recommendations

The ZORRO test provides more than just a list of vulnerabilities. We provide detailed reports detailing the vulnerabilities discovered, their potential impact and practical recommendations for mitigation. Our goal is to provide you with actionable insights to improve your security posture, protect patient data and increase overall resilience.

Confidentiality and trust

We understand the sensitive nature of healthcare. Confidentiality and trust are at the heart of our activities. Our team works with the utmost professionalism and discretion, ensuring that your organization's information remains secure throughout the engagement.

Want to execute a ZORRO test?