Responding to the growing complexity and risks in healthcare networks

Modern hospital networks are faced with exponential complexity. Not only do they have to support a growing number of specialised equipment (scanners, medical robots, radiology systems), but they also have to ensure faultless redundancy, availability and security - imperatives that have been reinforced by the strict requirements of the NIS2 directive. This multiplication of connection points and management consoles (backup, hypervisors, Wi-Fi, IDS/IPS) ​ makes manual verification of the entire system humanly impossible.

IT teams, while competent and dedicated, lack the resources and time to manage this complexity. This creates a significant technological debt and increases the risk of breakdowns and security breaches. In these conditions, meeting the cybersecurity standards imposed by NIS2 can be very difficult.

Phase 1: Implementation and supervision.

• Hierarchy Definition: Organisation of equipment groups and types to simplify diagnosis and Disaster Recovery Planning (DRP). This step is crucial for good asset monitoring.
• Classic supervision: monitoring of essential components such as servers (CPU, RAM, storage), network (bandwidth, connectivity), backup consoles and hypervisors.
• From this stage onwards, we are able to provide the NIS2 (ADM-1) inventory in an automated and scalable way.

Phase 2: Optimisation and appropriation.

• Correction and Adaptation: Adjustments to the system according to the specific characteristics of the network.
• Adoption by the team: Training and familiarisation with the software by the teams so that they can use it independently on a daily basis.
• Alert definition: Configuration of relevant alert channels (dashboard, email, SMS) to avoid information overload and prioritise critical notifications, helping to manage production incidents (NIS2 compliance).

Phase 3: Advanced optimisation and additional functionalities.

This phase maximises the efficiency of the network.

• Specific monitoring: Addition of customised monitoring services for business software (Electronic Patient Record, business data exchange channels, Radiology, etc.), including database query management, file counting and back-up completeness.
• From this phase onwards, we have the NIS2 compliance part (ADM-2).
• Topology Scan: Creation of network topology maps (Weathermaps) that show bandwidth usage by scanning LLDP, CDP and MAC address protocols. This functionality provides a detailed mapping of the network, a key element in the event of a DRP/PRA.
• Log centralisation: Deployment of a Syslog server to centralise critical technical information, in compliance with NIS2 requirements, without the complexity of a SIEM.​

ESIA offers an integrated approach to securing and optimising hospital networks, transforming supervision into a strategic tool for operational resilience and NIS2 (CyFun) regulatory compliance.