Skip to main content
All Industries

EU Industry Benchmark

Healthcare

Anonymized security posture data for the healthcare sector across the EU. Based on 51501 monitored sites.

40.9

Avg. Score /100

D

Avg. Grade

51501

Sites Tracked

0.0

vs. EU Average

Critical findings in this industry

41843 of 51501 without HTTPS redirect

81.0%

50600 of 51501 with unencrypted email (no STARTTLS)

98.0%

51382 of 51501 without DMARC protection (spoofable)

100.0%

22767 of 51501 missing 3+ critical security headers

44.0%

44978 of 51501 without DNSSEC (vulnerable to DNS spoofing)

87.0%

50206 of 51501 without CAA records (unrestricted certificate issuance)

97.0%

51314 of 51501 without MTA-STS (email downgrade attacks possible)

100.0%

Grade Distribution

A
0 (0.0%)
B
6 (0.0%)
C
1329 (3.0%)
D
28326 (55.0%)
F
21840 (42.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Hosting & Data Residency

64%

EU-headquartered provider

36%

Non-EU provider (CLOUD Act / Schrems II)

IONOS (1&1) (DE) 5917 23.0%
Cloudflare (US) 4107 16.0%
Hetzner (DE) 3338 13.0%
Strato (DE) 3180 12.4%
Amazon Web Services (US) 2261 8.8%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.