more than a third of the websites of hospitals is poorly protected. In a quarter of the websites is missing a secure connection over the https protocol. Therefore, privacy-sensitive patient data via a web form will be shared in the hands of cyber criminals. Earlier it was already known that general practitioners are lax with https.
The figures on lack of encryption of ziekenhuiswebsites come from research of Women in Cybersecurity (WICS). That is a Dutch network of women working in the ict security. They examined 97 hospitals and shared the results with newspaper Trouw.
Of the 97 sites that WICS studied, there were 25 no secure connection. These include OLVG West in Amsterdam (formerly Sint Lucas Andreas Hospital). The hospital recognizes opposite the newspaper the lack of a secure connection is a weak point, but says that at the time that the site was built encryption of web traffic is still not the standard.
Also the St. Antonius Hospital, that is active in different locations in and around Utrecht, indicates that the lack of a https-connection is a risk, but it says to wait on the new site that the first quarter of 2017 live.
Security vulnerabilities
The cybersecurityspecialisten found web sites that in the first instance, properly secured also looked outdated security that the web pages makes them vulnerable to hackers. The Admiral is the Ruyterziekenhuis with offices in Zealand has the security changed by WICS on the risks is highlighted.
WICS expressed its concerns about security risks within the ict on hospital locations. It found, for example, logins and passwords on a note on the screens were stuck. Also be on the outdated security of medical equipment.
general Practitioners are sloppy with HTTPS
Earlier it became known that general practitioners often the error into the security of websites. Also there are online forms is often a privacy risk.
In 197 practices where patients are online may enroll, or a herhaalrecept may request, in at 29.3 percent of the cases, no use is made of a secure https connection for the transmission of medical data and personal data.
This article comes from Computable.nl (https://www.computable.nl/artikel/5918480). © Jaarbeurs IT Media.
No comments:
Post a Comment