A majority of larger organisations in the geestelijke gezondheidszorg (ggz) fail to meet legal requirements for information security. The Inspectie Gezondheidszorg en Jeugd (IGJ) confirmed these findings in a sweeping new report. The inspectorate now demands that these vital mental health providers upgrade their digital systems to comply with legal safety standards as quickly as possible.
Poor data security creates massive patient risks
Information security functions as the backbone of reliable patient care. When healthcare networks fail to secure their infrastructure, they leave highly sensitive medical files vulnerable to cybercriminals. Digital threats like ransomware attacks, severe system outages, or data leaks can instantly disrupt medical operations. These breaches actively threaten patient safety. For this reason, Dutch law requires all healthcare institutions to run an active, verified information security management system.
Only six audited providers pass the test
The IGJ investigated 87 of the approximately 150 larger ggz organisations that employ at least 50 full-time staff. This investigation evaluated the current state of cybersecurity in the mental health sector. It revealed an alarming reality. Only six of these organisations actually meet the legally mandatory security standards. Most audited providers stated they are currently working on improvements. However, more than half could not give a specific date for full compliance.
Failing organisations must book independent audits immediately
The inspectorate expects all non-compliant organisations to take immediate action to protect citizen data. They must arrange an independent, expert assessment of their information security before the end of this year. Moving forward, the IGJ will closely monitor their progress. The inspectorate will enforce penalties against any institution that continues to ignore patient privacy laws.
@ anp | NEWS BRAINPORT
