The report concerns what the regions are doing to protect hospital health data against cyberattacks. Health data can include, for example, medical records, test results, and X-ray images.
The purpose of the study is to assess whether the regions adequately protect health data in the hospital sector against cyberattacks. Rigsrevisionen answers the following questions in the report:
- Do the regions have a sufficient basis for protecting health data against cyberattacks?
- Have the regions implemented adequate measures to protect health data against cyberattacks?
- Do the regions have a contingency plan to handle the consequences of cyberattacks affecting electronic patient records?
Rigsrevisionen assesses that the regions’ efforts to protect health data are not entirely satisfactory. The regions have protected health data against cyberattacks, but all regions can improve their protection. The regions have generally made efforts to prevent hackers from gaining access to health data but have not done enough to limit the damage from cyberattacks in cases where hackers have succeeded in accessing health data. The consequence is that hackers can more easily spread their attacks and potentially disrupt larger parts of the hospital sector.
Rigsrevisionen initiated the study in December 2023.
Read the introduction and conclusion (PDF)