ZORRO stands for "CARE Red Teaming Resilience Exercises" and is a Red teaming exercise especially for healthcare
We attack your organisation, while you try to defend & mitigate.
Evaluate your detection & response capabilities.
Learn from a specific scenario to minimize real damage from a real attack.
Ground your security investments in evidence and real numbers.
We stage a planned (cyber) attack on your organisation while recording every step.
You try to detect & mitigate the incoming attack.
Z-CERT has developed a framework for red teaming in healthcare together with the institutions of the Dutch healthcare sector. This framework is called ZORRO, which stands for “ZOrg Redteaming Resilience Exercises” and is based on the TIBER-NL program used in the financial sector.
With the ZORRO framework, we carry out red teaming in which we test the organization against realistic threats in healthcare. Here we use Tactics, Techniques and Procedures (TTPs) of cyber criminals who are active in the healthcare sector.
Z-CERT is an abbreviation of Computer Emergency Response Team for the healthcare sector. In other words: Z-CERT employs cybersecurity experts who help to keep healthcare institutions digitally safe. Every day, Z-CERT's first-line security specialists scan various sources for threats to the healthcare sector. The healthcare organizations themselves are responsible for the security of their digital systems, but if things go wrong Z-CERT can come to the rescue. For this reason, Z-CERT is also referred to as the 'digital fire brigade of the healthcare sector'.
In 2021, the Antoni van Leeuwenhoek Hospital (AVL) was the first party in the Netherlands to carry out a ZORRO test. The ZORRO test went very well, with AVL, Z-CERT and Securify working closely together to safely carry out a realistic attack.
Our team of experienced cyber experts has extensive knowledge in healthcare. We understand the specific challenges and regulatory requirements facing hospitals, enabling us to deliver targeted and effective ZORRO testing.
The ZORRO test goes beyond traditional penetration testing. We simulate real world attacks, combining both technical and social engineering techniques to identify vulnerabilities in your systems, processes and human factors. By holistically testing your organization's defenses, we provide a comprehensive view of your security posture.
Patient privacy and the security of healthcare systems are of paramount importance. Our Red Teamings focus on identifying potential vulnerabilities that could expose patient data or compromise critical infrastructure. By simulating advanced attacks, we help you strengthen your defenses.
Our red team operators mimic the tactics, techniques and procedures (TTPs) of real-world threat actors. By emulating their methodologies, we help you understand the potential risks your organization may face and identify security gaps. This proactive approach ensures that you can stay one step ahead of your opponents.
The ZORRO test provides more than just a list of vulnerabilities. We provide detailed reports detailing the vulnerabilities discovered, their potential impact and practical recommendations for mitigation. Our goal is to provide you with actionable insights to improve your security posture, protect patient data and increase overall resilience.
We understand the sensitive nature of healthcare. Confidentiality and trust are at the heart of our activities. Our team works with the utmost professionalism and discretion, ensuring that your organization's information remains secure throughout the engagement.