In this paper, initial results of an attitude survey on the security of medical information systems in Greece are reported. Greece for the moment lacks a generic data protection act; therefore a systematic approach to introducing secure information systems in public health establishments requires the determination of the security needs of the medical community. The survey was conducted using a properly designed questionnaire. This questionnaire addressed issues relevant to the extent of information technology currently in use, the need for information security, classification of used information with a view towards adopting methods, techniques and legislation providing sufficient security guarantees, etc. The questionnaire was addressed to a sufficient number of employees of organized health care establishments, so that the results would be worth while and reliable.