Two thirds of healthcare websites do not yet support https
Research by the Open State Foundation shows that a vast majority of healthcare company websites do not yet support https. In some cases, this also sends information in online forms without encryption.
The Open State Foundation looked at 22,393 websites for this study. Of these, 8637, or 39 percent, support the secure connection. However, with 1786 of these websites https is not enforced, so that in these cases the connection is still not secure for most users. In total, only 31 percent of healthcare websites enforce the use of https.
The study is further subdivided by type of care. Providers of allied health care have the lowest score, with 24 percent of websites supporting https. For physiotherapists this number is 30 percent and for mental health and home care it is 34 percent. Nearly 40 percent of the websites of dentists, dental hygienists and providers of care for the disabled are secured with https and with pharmacies this is just under 50 percent.
More than half of the websites of youth care providers support https, namely 56 percent. However, this is actually enforced in only 37 percent. GP and hospital websites perform best: 66 percent of GP websites support https and 61 percent enforce it. In hospitals this is 75 and 68 percent respectively.
The Open State Foundation further notes that a sample survey found that several of these unsecured websites offer online forms. These forms ask for personal data and medical conditions, among other things. Without a secure connection, such information can be intercepted relatively easily.
HTTPS is a concern for more sectors. In March, the Open State Foundation announced that 52 percent of government websites support encryption. Ronald Plasterk, the Minister of the Interior, wants to make all government websites mandatory to implement https. A law may be introduced to this effect in 2018.