Every 2 to 3 days, a new set of leaked passwords related to a Dutch hospital appears online.

That’s not an exaggeration. It’s what we found after scanning available data for a group of Dutch hospitals using our software platform.

These leaked usernames and passwords combinations – generally referred to as “credentials” – don’t just belong to staff emails. They are used to open doors to internal systems, electronic patient records, or access portals.

At Skuridat, we analyzed breach files linked to a group of Dutch hospitals – spanning 8 years – available on the dark web. Our aim was to understand how common these leaks are, compare hospitals with each other, and show why this is a growing problem in healthcare.

These leaks can happen in a few ways:

• Third-party misuse: A staff member uses their work email on a compromised website (e.g., a travel app or online store).
• Service breaches: A vendor or system used by the hospital is hacked.
• Credential-stealers: Malware captures login data silently.
• Phishing: Staff are tricked into entering credentials into fake portals.

So, how much are we actually talking about…

Our data shows the following:

• On average, each hospital had 1,061 breach files associated with it.
• That means, for each hospital, a new leak publication every 2 to 3 days.
• The worst performer had over 2,000 separate leak files.
• Few performed significantly better than the rest – only one hospital had zero known leaks.

To be clear: these aren’t just single passwords we’re talking about. Each file can contain dozens if not thousands of login details.

Leaked credentials can lead to:

• Compromise of personal healthcare data.
• Potential exposure of internal systems.
• Loss of trust, regulatory consequences and reputational damage.
• Hackers often leverage this data to gain initial access to the organization’s environment.

Given the volume, frequency, and potential impact on sensitive operations, we assess this risk as high – especially for hospitals with above-average exposure and little to no monitoring in place.

There are effective steps organizations can take today. It starts with a strong, organization-wide password policy. That means more than just requiring “complex passwords.” It involves:

• Clear rules on password reuse, across personal and professional accounts – and yes, we know that 3 in 4 reading this do…
• Regular user awareness training around phishing and credential misuse.
• Technical controls like password managers and breach monitoring.
• And, although not always available, Multi-Factor Authentication (MFA) as a critical second layer of defense.

While such a policy can greatly reduce risk, it’s only effective when the basics are in place – and enforced. Poor password habits, unmonitored exposures, or unaware users can still open the door to compromise.

The Skuridat platform continuously scans multiple breach sources on the dark web for exposed credentials tied to your organization’s domain.

• Get alerts when your users show up in breach data
• View peer-based comparisons and industry trends
• Map exposures to actual attack paths (phishing, internal reuse, shared logins)

With this insight, organizations can move from passive exposure to measurable control.

Book your personalized demo now and take control of your exposure.