* Please note that some of the referenced sources are available only in Dutch.
On 3 March 2026, Z-CERT published the ‘Cybersecuritybeeld Zorg 2025’ (Cybersecurity Overview for the Healthcare Sector 2025). As a centre of expertise for cybersecurity in the Dutch healthcare sector, Z-CERT annually analyses the state of digital security in healthcare and identifies the greatest threats. The report shows that cyber threats are no longer a theoretical risk, but a daily reality.
In this blog, we summarise the key insights from the report and highlight the most urgent threats facing the healthcare sector.
Digitalisation in the healthcare sector
The Dutch healthcare sector is undergoing rapid digitalisation. Electronic patient records, cloud applications and medical technology are making healthcare more efficient and accessible. However, this digitalisation also has a downside: the healthcare sector is becoming an increasingly attractive target for cybercriminals. Healthcare organisations manage large amounts of sensitive data and rely on digital systems for their core processes. This means the impact of cyber incidents is felt immediately: not only by IT departments, but also by healthcare providers and patients.
Z-CERT emphasises that digital outages can lead to delays in diagnoses, treatments and care processes. Cybersecurity is therefore no longer purely a technical issue, but directly affects the quality and continuity of care. Furthermore, the healthcare sector is becoming increasingly dependent on external suppliers, cloud solutions and SaaS services. A single incident at a supplier can have immediate consequences for dozens of healthcare institutions at the same time.
The biggest threats
Ransomware remains one of the most disruptive threats to healthcare organisations. In a ransomware attack, systems are encrypted and criminals demand a ransom to release the data. In the healthcare sector, this has direct consequences for patient care: when systems fail, treatments may be postponed, operations may be cancelled and crucial patient information may become inaccessible. This can pose significant risks to patients’ health. The recent ransomware attack on ChipSoft demonstrates that this is a very real risk. As a major supplier of healthcare software, an incident at a company such as ChipSoft affects multiple healthcare organisations simultaneously. This illustrates not only the danger posed by ransomware, but also how vulnerable the healthcare sector is due to its heavy reliance on suppliers and digital systems.
In addition to ransomware, phishing remains a persistent threat that occurs regularly. Cybercriminals are using new techniques to deceive staff. For instance, messages created using AI are becoming increasingly difficult to distinguish from genuine messages. The healthcare sector is an attractive target in this regard: staff often work under high pressure and have access to valuable patient data. There are increasing reports from abroad that hackers are calling IT helpdesks to reset passwords or add MFA methods. Criminals have also attempted to get victims to launch malware via telephone instructions. Although Z-CERT has not yet seen any examples of this here in the Netherlands, this could become a key area of concern in the future.
One of the most underestimated risks in today’s healthcare sector is the growing reliance on external suppliers, cloud solutions and SaaS services. The healthcare sector has undergone a rapid digital transformation in recent years, with an increasing number of processes becoming dependent on external parties. This development brings a new type of vulnerability: a single incident at a supplier can have immediate consequences for multiple healthcare institutions simultaneously. Consider a cloud provider being hacked, or a software supplier whose systems are compromised. The consequences can spread like wildfire throughout the entire healthcare sector. Cloud environments are increasingly targeted in attacks, particularly because sensitive data and backups are stored there. This makes it all the more important for healthcare institutions to scrutinise their choice of suppliers and establish clear agreements regarding security requirements.
Digital fraud, DDoS attacks, geopolitical influences and insider threats are also cited as risks by Z-CERT. New technologies, such as deepfake technology and the use of AI, are making these risks more tangible. Fake invoices are becoming harder to distinguish from genuine ones, and professional communications can be imitated more quickly. It is therefore expected that cybercrime utilising new technologies will continue to rise in the coming years.
Preparation is key: from prevention to resilience
In the report, Z-CERT emphasises that cybersecurity is not just about preventing attacks. It is just as important to be able to continue operating when systems fail. Healthcare organisations must therefore also ensure that their systems are resilient. This can be achieved by focusing on the following three points:
-
Practising crisis scenarios
Healthcare organisations must regularly practise dealing with cyber incidents, just as they do with fire drills. What happens if the Electronic Patient Record (EPR) goes down? How do we communicate if email isn’t working? Who makes which decisions? By running through these scenarios in advance, staff are better prepared when a real incident occurs.
-
Preparing for prolonged outages
Cyber incidents are rarely resolved within a few hours. Healthcare organisations must be prepared for days or even weeks without access to their primary systems. This means having contingency procedures, paper backups of critical information and alternative means of communication.
-
Collaboration within the supply chain
Cybersecurity is not an individual matter. Healthcare organisations, suppliers and other supply chain partners must work together to strengthen digital resilience. This involves sharing information about threats, coordinating security measures and conducting joint incident response drills.
Z-CERT itself plays a crucial role in this by working with participants, suppliers and other Computer Emergency Response Teams (CERTs) to tackle cyber threats such as ransomware, phishing, data breaches and hacking.
Recommendations for healthcare organisations
The cybersecurity overview sets out a number of recommendations. These primarily involve implementing technical, organisational and supply chain measures. Taking a single measure is insufficient: what is required is a package of measures to ensure that a healthcare organisation is well prepared for incidents.
Technical measures:
-
Keep VPN solutions and other systems connected to the internet up to date
-
Implement robust backup strategies, including for data in the cloud
-
Strengthen the security of cloud environments where sensitive data are stored
-
Log activities and regularly monitor log files for suspicious activity
Organisational measures:
-
Provide security awareness training to staff. Train staff regularly to recognise phishing and social engineering
-
Conduct regular drills for crisis scenarios
-
Draw up a business continuity plan setting out how the organisation handles incidents
-
Ensure that passwords are changed regularly
Supply chain measures:
-
Critically evaluate suppliers’ security measures
-
Set out clear agreements on security requirements in contracts
-
Work with supply chain partners to build collective resilience
Conclusion
The 2025 Cybersecurity Outlook for Healthcare makes one thing clear: cyber threats are inextricably linked to the healthcare sector. The impact of incidents extends beyond IT and can directly affect patient care.
Ransomware, phishing, supply chain dependency and AI-driven attacks create a complex and dynamic threat landscape. At the same time, there needs to be a growing realisation that digital resilience is a prerequisite for good care.
The question is no longer whether a healthcare organisation will face a cyber incident, but when. Healthcare organisations that invest now in their digital resilience (technically, organisationally and across the supply chain) will be better prepared for incidents. This will ensure that digital healthcare can continue to be delivered safely and reliably in the future.
Do you need help defending your organization against (cyber) incidents? Feel free to contact us. We’re happy to help.
