Skip to main content
All Industries

EU Industry Benchmark

Healthcare

Anonymized security posture data for the healthcare sector across the EU. Based on 51222 monitored sites.

43.8

Avg. Score /100

D

Avg. Grade

51222

Sites Tracked

0.0

vs. EU Average

Critical findings in this industry

29296 of 51222 without HTTPS redirect

57.0%

32567 of 51222 with unencrypted email (no STARTTLS)

64.0%

42988 of 51222 without DMARC protection (spoofable)

84.0%

28197 of 51222 missing 3+ critical security headers

55.0%

44852 of 51222 without DNSSEC (vulnerable to DNS spoofing)

88.0%

50028 of 51222 without CAA records (unrestricted certificate issuance)

98.0%

51052 of 51222 without MTA-STS (email downgrade attacks possible)

100.0%

Grade Distribution

A
0 (0.0%)
B
255 (0.0%)
C
3146 (6.0%)
D
30369 (59.0%)
F
17452 (34.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 43.1/100 (2702 sites) Belgium: 46.4/100 (1351 sites) Bulgaria: 43.0/100 (325 sites) Croatia: 44.0/100 (256 sites) Cyprus: 41.3/100 (68 sites) Czech Republic: 46.2/100 (643 sites) Denmark: 47.3/100 (486 sites) Estonia: 48.3/100 (135 sites) Finland: 45.7/100 (366 sites) France: 42.1/100 (2515 sites) Germany: 42.4/100 (21833 sites) Greece: 44.3/100 (278 sites) Hungary: 45.4/100 (357 sites) Ireland: 47.2/100 (618 sites) Italy: 42.6/100 (1480 sites) Latvia: 46.0/100 (126 sites) Lithuania: 45.7/100 (259 sites) Luxembourg: 45.7/100 (92 sites) Netherlands: 49.4/100 (3244 sites) Norway: 47.7/100 (277 sites) Poland: 42.5/100 (3495 sites) Portugal: 46.0/100 (417 sites) Romania: 46.4/100 (544 sites) Slovakia: 48.6/100 (481 sites) Slovenia: 43.9/100 (132 sites) Spain: 43.4/100 (1887 sites) Sweden: 47.4/100 (279 sites) Switzerland: 48.6/100 (1664 sites) United Kingdom: 43.9/100 (4869 sites)
Worse
Better

Score by Country

🇦🇹 Austria
43.1 2702 🇧🇪 Belgium
46.4 1351 🇧🇬 Bulgaria
43.0 325 🇭🇷 Croatia
44.0 256 🇨🇾 Cyprus
41.3 68 🇨🇿 Czech Republic
46.2 643 🇩🇰 Denmark
47.3 486 🇪🇪 Estonia
48.3 135 🇪🇺 European Union
49.0 2 🇫🇮 Finland
45.7 366 🇫🇷 France
42.1 2515 🇩🇪 Germany
42.4 21833 🇬🇷 Greece
44.3 278 🇭🇺 Hungary
45.4 357 🇮🇸 Iceland
51.2 25 🇮🇪 Ireland
47.2 618 🇮🇹 Italy
42.6 1480 🇱🇻 Latvia
46.0 126 🇱🇮 Liechtenstein
45.8 5 🇱🇹 Lithuania
45.7 259 🇱🇺 Luxembourg
45.7 92 🇲🇹 Malta
41.5 11 🇳🇱 Netherlands
49.4 3244 🇳🇴 Norway
47.7 277 🇵🇱 Poland
42.5 3495 🇵🇹 Portugal
46.0 417 🇷🇴 Romania
46.4 544 🇸🇰 Slovakia
48.6 481 🇸🇮 Slovenia
43.9 132 🇪🇸 Spain
43.4 1887 🇸🇪 Sweden
47.4 279 🇨🇭 Switzerland
48.6 1664 🇬🇧 United Kingdom
43.9 4869

Hosting & Data Residency

64%

EU-headquartered provider

36%

Non-EU provider (CLOUD Act / Schrems II)

IONOS (1&1) (DE) 5902 23.0%
Cloudflare (US) 4026 15.7%
Hetzner (DE) 3322 13.0%
Strato (DE) 3176 12.4%
Amazon Web Services (US) 2256 8.8%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.