The Dutch Minister of Health, Bruno Bruins, has issued an investigation to determine whether all hospitals and healthcare organisations in the Netherlands should be aligned to Z-CERT, the Computer Emergency Response Team for all healthcare Institutions in the Netherlands. The inducement for the investigation is Cybersprint’s report on the cyber security of Dutch hospitals, published in the Elsevier Weekblad on 9 February 2019.
Elsevier commissioned Cybersprint to research the digital security of 28 hospitals (the eight academic hospitals, and the 10 largest and smallest hospitals). All hospitals showed to have vulnerabilities in their systems. The most prominent risks were configuration errors and websites running on outdated software, as much as 25% of all sites belonging to an academic hospital.
Alarmed by the outcomes, many institutions have since started taking steps to improve their organisation’s cyber security.
The Z-CERT foundation was established last year, to help healthcare institutions with cyber security protection and incident support. Minister Bruins stated he thinks all healthcare institutions should be aligned to such an organisation. This governmental investigation assesses if alignment to the foundation should be compulsory for hospitals. Bruins will follow up on the investigation later this year.
the study on the cyber security of hospitals
Cybersprint investigated a total of 7,258 websites, servers and IP addresses of 28 hospitals in the Netherlands. All of the investigated hospitals showed a certain degree of vulnerabilities in their cyber security. Some cases were critical. For example, a baby webcam was still set to factory defaults, meaning that anyone could access the babycam to see the newborns.
You can read the full English report of Cybersprint’s study here.
Read the news item by Security NL here. (only in Dutch)