Data leakage at healthcare companies: Danes fear for sensitive information
Following a data leak at a medical center operator in Denmark, personal patient data has been published. Patients are unsettled.
(Image: greenbutterfly/Shutterstock.com)
Following a cyberattack on Alles Lægehus, an operator of medical centers in Denmark, personal patient data has been published. At the beginning of December, the company announced a cyberattack that could affect 130,000 patients, according to Danish media reports.
According to the Danish newspaper Ekstra Bladet, the CPR number, which is stored in Denmark's central personal register and is used for identification purposes, is also affected. It is also used in the healthcare sector and is noted on the Danish health card, for example, but is also used in other administrative areas. Other information that is published in a closed forum includes medical history and information about medication.
In Denmark, the first people affected by the incident are now speaking out to the Danish Broadcasting Corporation DR. The Danish Data Protection Agency advises that those impacted should be informed immediately. However, it could take some time before it is clear who is affected. The police are investigating the case together with the National Cyber Crime Center and Alles Lægehus.
Experts warn that this is the most critical case of data leaks in Denmark. According to Ekstra Bladet, the publication of various data in underground forums was preceded by three weeks of negotiations. It is unclear whether a ransom was paid for the data not to be published. The local police are calling on citizens to be particularly vigilant – against phishing attempts – and to report suspected cases of data misuse.
Videos by heise
Regular vulnerabilities
Time and again, criminals exploit security vulnerabilities in the healthcare sector. Healthcare data in particular is valuable and is now traded at higher prices than credit card data. In early 2024, cyber criminals used a Citrix vulnerability to gain access to an unsecured server at UnitedHealth subsidiary Change Healthcare, a major financial services provider in the US healthcare sector. Subsequently, the data of 300 million US citizens was on the darknet, despite multiple ransom payments. Experts advise against paying a ransom, as this does not necessarily stop the criminals' demands.
(mack)
