Sorry: that is all that is left for Elza den Hartog to say. The chair of the Board of Directors of the Netherlands Population Screening announced on Monday that one of the laboratories where smears are analyzed has been hacked. Criminals have captured the data of nearly half a million women.
It just doesn’t stop there. The personal and medical data of possibly thousands of other patients were also stolen and leaked. The hackers were also active in other systems of the same lab.
1. What is known so far?
The hack was performed at the beginning of July on systems of a laboratory in Rijswijk. There, samples are tested for two companies, both of which fall under Clinical Diagnostics Netherlands. That company is in turn part of Eurofins, a medical diagnostic company, which has several laboratories in the Netherlands.
In the hack of one company, Clinical Diagnostics NMDL, the data from the population screening were captured. The 485,000 women had participated in a cervical cancer screening study.
In addition to the smears of the population screening, the other company, Clinical Diagnostics LCPL, also processed samples for general practitioners, healthcare institutions and governments at the same location. For example, the lab tests for STDs using DNA technology.
RTL News looked at a 'sample' that the hackers had put online on the Dark Web, an anonymous part of the internet. It contained data from around fifty thousand people. The leaked data contains results of all kinds of medical examinations carried out for general practitioners, hospitals and independent clinics.
In a statement, Clinical Diagnostics Nederland said on Monday that a hacker briefly had access to the IT system and managed to copy data. The systems are now safe again. Nevertheless, the hack gave the hackers patients' address details, their citizen service numbers, the names of their health insurers and healthcare providers, and data about requested medical examinations. No other Clinical Diagnostics labs are affected.
Clinical Diagnostics told the ANP news agency on Monday evening that it 'mainly' concerns data from the past three years.
2. Why is this only coming out now?
The company writes in the statement that the cyber attack was discovered ‘in recent weeks’. “We immediately started a first investigation. We waited a while to share information so that we could first take the right steps.”
Clinical Diagnostics tells NRC that it is investigating the circumstances of the hack. On August 6, the company informed the Netherlands Population Screening. Subsequently, the Netherlands Population Screening announced the leak to warn patients. It has also suspended the collaboration with the laboratory.
Z-Cert, the cyber security expertise center for healthcare, has been seeing traces of the hack on the Dark Web for some time. "We have contacted Clinical Diagnostics, because we saw a sample of the dataset appear on the Dark Web," Wim Hafkamp, director of Z-Cert, tells NRC.
Since the find on the Dark Web, the expertise center has urged Clinical Diagnostics to inform victims, but that did not happen. "We know for sure that data was leaked from the population screening," says Hafkamp, who already suspected that more healthcare institutions had been affected. After the hacked data was published, Z-Cert issued its own press release, in which it encourages customers of the lab to request clarification.
Clinical Diagnostics tells NRC that it cannot make a statement about whether parties other than the population screening were harmed. Nor does it want to say why not all victims were informed. However, it says that "all affected persons will be personally informed by letter in the coming weeks".
3. Who were the hackers?
The ransomware gang Nova claims on its Dark Web site to have hacked a laboratory of Eurofins. A sample of the stolen data could be viewed on that site. NRC did not look at that data.
That hack is no longer on 'the front page' of Nova, but can still be retrieved. The message is dated 6 July. According to the gang, about three hundred gigabytes of data have been stolen. Such claims cannot be verified: hackers often bluff about the value of their loot.
Nova appears to be a recent addition to the ever-changing collection of hacker groups. The group made something of a name for itself last March by claiming a hack of the systems of the Italian municipality of Pisa. Other hackers can rent its software for a fee. Nova then wants 10 percent of 'the profit'.
Victims of these gangs are listed on data leak sites on the Dark Web. Nova has nineteen hacks to its name so far. "Data is leaked, you must be ashamed and everyone who works with you," says the site (in broken English) when companies or organizations have refused to pay the ransom.
The leak site is part of the extortion model of ransomware gangs: hacks are published to increase the pressure to pay. For some time now, cybercrime gangs have not only encrypted data on systems that they penetrate, they also threaten to publish captured data. That data is then distributed via anonymized networks.
4. What can cyber criminals do with the stolen information?
Roughly speaking, they have three options. They can demand a ransom from the victim (in this case Clinical Diagnostics), who gets the data back after payment. Or they can use the personal data to extort or scam affected patients, for example. Or the data set is sold on the Dark Web to other scammers.
“This is a data set of almost half a million people, multiplied by a lot of different personal data,” says Joris Bijvoets, Data Protection Officer at privacy consultancy AVG Complete. “With this data, hackers can make very specific phishing emails that can hardly be distinguished from real emails, such as one with the result of your smear with the date of your test and the name of your treating doctor. If you click on the link in the mail to the so-called result, you will be hacked yourself.”
According to Bijvoets, victims must also be alert to emails that capitalize on the hack, such as a message that supposedly comes from the population screening and states that the stolen data can be secured by clicking on a link.
Even if only 1 percent of all victims would accidentally click such a link, the hack is still extremely lucrative, says Bijvoets. “And if your work computer is infected, or you are on the Wi-Fi network of your work, then this may spread like an oil slick. Hackers need only one weak link to flatten or spy on an entire organization.”
5. How can victims prevent abuse of their data?
Data abuse cannot be excluded, Clinical Diagnostics warns on its site. “The hacker has had access to personal data. Data has also been copied. That is why it is important to be extra vigilant for misuse of this information.” The company warns victims not to click on links in suspicious emails, text messages or app messages and to watch out for phone calls from anonymous callers.
The Dutch Data Protection Authority advises victims of a data breach to change the password of the leaked e-mail address and not to use hacked passwords. People who know for sure that their data has been abused can report this to the Central Identity Fraud Reporting Center and file a report with the police.


