<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Free Quickscan →
Cybersprint Digital Risk Protection Platform

The Cybersprint Platform

We’ve developed a unique Digital Risk Protection SaaS-platform that works 24/7 as an automated ethical hacker, continuously in search of online vulnerabilities. Read more

Cybersprint provides realtime insights

Make the world more cyber-secure

Cybersprint protects organisations by providing real-time insights into their online footprint. Read more

Dutch hospitals vulnerable to cyber attacks

by Cybersprint News Feb 6, 2019

PRESS RELEASE The Hague, 6 February 2019 – The cyber security of hospitals in the Netherlands leaves room for improvement. This makes some hospitals more vulnerable to hacking attacks, possibly leading to data breaches and the leaking of sensitive patient records, concludes a study conducted by Cybersprint, commissioned by Dutch national magazine Elsevier Weekblad

Cybersprint investigated a total of 7,258 websites, servers and IP addresses belonging to the nation’s 8 academic, the 10 largest and the 10 smallest hospitals (based on the number of patients). All 28 hospitals showed a certain degree of vulnerabilities in their cyber security. Some cases were critical, demanding immediate attention. For example, the baby webcam of one of the academic hospitals was still set to factory defaults, meaning that anyone could access the babycam to see the newborns.

In one of the academic hospitals, 25% of all systems were running on outdated software. Furthermore, five of the 10 largest hospitals hadn’t updated all of their software, revealing dated software too. “Outdated software could have severe consequences on the security of patient records,” says Cynthia Schouten, Chief Information Security Officer at Cybersprint. “It makes it quite ease for malicious parties to access a system. It is a matter of downloading a certain program and applying it to the website. An 11-year-old could do that.”

The smaller hospitals scored significantly better, showing no outdated software. Still, the study revealed configuration errors in half of the websites. These kind of errors don’t necessarily result in a direct hacking attack, but do make it easier for hackers to find a way in. Not setting up a password for a baby webcam, for instance, is a configuration liability with potentially serious ramifications. It could also lead to unsecured network connections, making patient records vulnerable to being intercepted.

Last year, most data leaks were reported in the healthcare sector. Almost a third of the nearly 21,000 data leaks reported to the Dutch Autoriteit Persoonsgegevens (AP, supervisor of the gathering and processing of personal data), originated from the healthcare sector. “It becomes apparent that most of the data leaks caused by hacking and phishing attacks are reported by the health sector,” says Inger Sanders, spokesperson at AP. Still, a high number of reported data leaks isn’t all bad news. “It also shows data leaks are taken seriously and people take the time to report an incident,” Sanders states.

Hospitals would do well to examine the results of the study. “Not changing the factory default settings of any smart or IoT-device is a security incident,” states the AP. “It concerns new-born babies in the instance of the babycam, a really vulnerable group. Any data leak must be reported to the AP, and in certain cases also to the people involved, such as the parents, so they can take action themselves as well.”

You can read the story on the website of Elsevier Weekblad here, or as of tomorrow in the printed magazine. 

Meet Cybersprint at RSA Conference 2020

From 24 to 28 February, Cybersprint is present at RSA Conference in San Francisco in the Holland IT Security House. Our team is ready to tell you how to fight your organisation’s digital threats and how to gain insights into your online footprint at stand 2057. Interested in meeting us there? Reserve a timeslot with us by submitting the form.

read more

Citrix vulnerability webinar 21/1: Current status and advice

The recent discovery of the Citrix vulnerability and the impact it has on thousands of organisations has been widely covered in the media over the past days. No patch has been released as of yet, and the effectiveness of the suggested work-around has not yet been fully verified. In fact, there are Citrix versions for which the work-around is confirmed to be ineffective. 

read more

EXCLUSIVE NORDIC BANKING TOUR: New insights in digital risks for finance

Now that the year 2020 has started you probably could use new inspiration on asset allocation. How much money will be spent on new investments, projects and collaborations? These are no subjects for rash decisions. And it’s important to look at all aspects of the deal - that includes cyber security. The ongoing rise of digitalisation and ever-evolving methods criminals use forces banks to be constantly aware of new cyber threats to their organisation. To help banks stay in control of their online footprint, Cybersprint organises exclusive round table sessions in the Nordics. Register here.

read more

Do you have a question?

Our experts have the answers

Contact us