Patients of Dutch psychological well being clinics are being warned that their private data have fallen into the palms of hackers following a safety breach at a web-based portal that “assured” their privateness.
Netherlands-based expertise firm Nedap disclosed on 25 October a hacking incident of its Carenzorgt.nl portal, utilized by 1000’s of healthcare establishments all through the nation to share digital well being data and private information.
The firm says that it was made conscious of a vulnerability within the Carenzorgt.nl system (often known as “Caren”) on the morning of 17 October, and “resolved it instantly.” However, a subsequent investigation decided that the vulnerability had been exploited by hackers to realize unauthorised entry to affected person data.
Amongst the victims are 184 purchasers of psychological well being clinics Reinier van Arkel and Ypse in Den Bosch.
The incident has worrying echoes of the assault in 2020 of Finnish psychotherapy clinic Vasataamo that noticed hackers not solely steal the extremely confidential and delicate notes from remedy classes, but additionally ended up with particular person sufferers receiving threats saying that until they paid a ransom inside 72 hours their personal data could be revealed on the web.
In that incident, the hacker stole psychotherapy particulars on 1000’s of sufferers, with not less than 2000 victims finally having their session notes revealed on the darkish internet.
Vasataamo’s CEO misplaced his job, and the agency declared itself bankrupt the next yr because the harm to its popularity was unimaginable to restore.
Let’s hope the identical destiny doesn’t befall the remedy clinics whose sufferers have been affected by this newest breach, as from the sound of issues, the safety failure was not with them however as a substitute with Nedap’s Carenzorgt.nl portal.
One ray of sunshine is that final week Dutch police arrested a 19-year-old man in reference to the hack.
Authorities are mentioned to be investigating whether or not {the teenager} may need offered any of the stolen information to others, who would possibly try and monetise the delicate information.