A quarter of hospitals and GGD institutions do not have security in order

A whopping quarter of all hospitals and GGD departments in the Netherlands do not have their security in order. This is evident from a study by The Internet Cleanup Foundation in June of 2021.

Security: more than just physical security

Security is about more than just placing well-trained security guards in a building. Depending on the building, people and/or objects to be protected, physical protection is often supplemented with digital security, for example in the form of cameras.

Since the arrival of the internet, this is not the end of the matter. Institutions dealing with confidential and/or sensitive data, such as hospitals and other healthcare institutions, must also pay attention to cybersecurity.

What is Cybersecurity?

Cybersecurity includes all security activities that protect a company, organization or institution against digital threats such as:

  • virus attacks;
  • DDoS attacks;
  • spam;
  • phishing;
  • theft of (sensitive) personal data;
  • and corporate espionage. 

So cybersecurity is actually a form of information security.

Cybersecurity not in order in a quarter of hospitals and GGD institutions

The research by The Internet Cleanup Foundation showed that not all healthcare institutions had their information security in order. The foundation investigated almost 5900 domains of 116 hospitals and GGDs. It found no vulnerabilities in basic security at three-quarters of the healthcare institutions surveyed. But at a quarter of all institutions, basic security was not in order.

The problems are often found on domains that are separate from the general website of the institution. For example, project domains were regularly encountered that deal with specific disorders, such as Alzheimer's disease, gallbladder or depression.

These domains often lacked security headers. Also, DNSSEC was often not used or the e-mail server was configured incorrectly (SPF, DKIM and DMARC). The results per healthcare institution can be found at Basicsecurity.nl.
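The kind of baseline check behind these findings can be sketched as follows. This is an added example, not the foundation's scanner: the header set, the domain names and all records are constructed assumptions, and DKIM and DNSSEC are left out because they need a selector and a live resolver.

```python
# Added example on constructed data; not the Internet Cleanup Foundation's scanner.
# Assumption: this header set is a common baseline; the article names no specific headers.
REQUIRED_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-content-type-options", "x-frame-options")

def check_headers(headers):
    present = {name.lower() for name in headers}
    return [f"missing header: {h}" for h in REQUIRED_HEADERS if h not in present]

def check_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero records: no policy; several: receivers return a permanent error
        return ["SPF: no record" if not spf else "SPF: multiple records"]
    terms = spf[0].lower().split()
    if terms[-1] not in ("-all", "~all") and not any(t.startswith("redirect=") for t in terms):
        return ["SPF: record does not end in -all or ~all"]
    return []

def check_dmarc(txt_records):
    recs = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["DMARC: no record" if not recs else "DMARC: multiple records"]
    tags = {}
    for part in recs[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("p") not in ("quarantine", "reject"):
        return [f"DMARC: policy is {tags.get('p', 'absent')}, no enforcement"]
    return []

def audit(site):
    return (check_headers(site["headers"]) + check_spf(site["txt"])
            + check_dmarc(site["dmarc_txt"]))

# Constructed sample: a main site and a forgotten project domain (hypothetical names).
SITES = {
    "www.hospital.example": {
        "headers": {"Strict-Transport-Security": "max-age=31536000",
                    "Content-Security-Policy": "default-src 'self'",
                    "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY"},
        "txt": ["v=spf1 mx -all"],
        "dmarc_txt": ["v=DMARC1; p=reject; rua=mailto:dmarc@hospital.example"]},
    "alzheimer-project.hospital.example": {
        "headers": {"X-Frame-Options": "SAMEORIGIN"},
        "txt": ["v=spf1 include:mail.example +all"],
        "dmarc_txt": ["v=DMARC1; p=none"]},
}

if __name__ == "__main__":
    for name, site in SITES.items():
        print(name, audit(site) or "OK")
```

In the constructed sample the main site passes while the project domain fails on headers, SPF and DMARC, which mirrors the pattern the study describes.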

Privacy-sensitive data

Despite the fact that the majority of healthcare institutions have their affairs in order, the results of this study can be called negative. Healthcare institutions process extremely privacy-sensitive data. Elger Jonker, ethical hacker and president of The Internet Cleanup Foundation, said in the Volkskrant that he was concerned about the outcome of the investigation: “There is a lot of attention for cybersecurity. But despite coalitions in healthcare, all the standards that are set and agreements that are made, the basis often turns out not to be in order.”

Some of the problems have now been solved

The Internet Cleanup Foundation is an ethical hacker group. The research into vulnerabilities within information security was done to warn hospitals and healthcare institutions about their own weak spots. The results were therefore shared with the hospitals before they were published. Some of the vulnerabilities have now been fixed. But work remains to be done. 