Dutch healthcare facilities are experiencing unauthorized access to patient records by staff. Chatbots, misdelivered mail and open screens also lead to data breaches. That's according to the Cybersecurity Threat Assessment for Healthcare 2024 recently released by the Computer Emergency Response Team for Dutch Healthcare (Z-CERT).
The use of chatbots is regularly the cause of data breaches, according to Z-CERT: "Healthcare institutions indicate that they have difficulty keeping track of the data shared with chatbots. At the same time, there are also positive examples in healthcare where these chatbots have added value. It is important that healthcare institutions and employees know the risks of sharing data with chatbots."
Unauthorized access is also a regular occurrence. According to the Z-CERT, this is usually done out of curiosity. Organizations struggle to assess the full impact of this threat, according to Z-CERT: "This is because they depend on the willingness of healthcare workers to report and because the logging data is too voluminous to fully monitor."
Z-CERT recommends implementing logging controls, but adds that this is sensitive among healthcare employees: "Therefore, involve employees, the Works Council, board and other stakeholders in setting up logging controls." Furthermore, Z-CERT advises paying attention to awareness: "Inform employees that patient data is for job-related use only and that logging is required by law and retrievable by patients and clients."
Click here for the Cybersecurity Threat Assessment for Healthcare 2024.
