IT security in healthcare is a tricky issue. Healthcare institutions are open organisations. They receive many patients and visitors for those patients. Physically securing them is a complex issue. Additionally, the availability of IT and patient data is of the utmost importance.
When life and death are at stake, IT simply needs to work. All patient data must be available. The data involved in healthcare deserves the best possible protection. After all, this involves highly privacy sensitive data, which requires very careful treatment.
The NEN 7510-standard provides a point of reference for this, as well as requiring periodic IT security testing, such as penetration testing.