HQ/EMEAFind out how we can help your business
A male of 19-year-old was arrested in the western Netherlands after allegedly hacking a healthcare software vendor’ network and stealing a massive number of confidential data. Based on reports on the breach, the stolen documents contained sensitive medical data of patients of the country’s healthcare institutions.
There is no evidence that the hackers have misused the stolen patients’ data for malicious purposes.
The investigation of the incident began when the Dutch police received reports of the breach from the impacted healthcare software vendor, which resulted in them tracking the culprit and examining collected evidence from the teenage hacker’s residence.
The name of the affected healthcare firm remained confidential until researchers found a press release online about the Nedap tech firm’s disclosure of a breach that ensued in their Carenzorgt.nl portal.
The Carengzorgt medical portal is a partner of over 9,000 healthcare providers, with about 500,000 active users. The portal is utilised for patient appointment booking, communication, and medical data safekeeping.
As explained in the press release, Nedap detected a system vulnerability in the Carenzorgt.nl system on October 17. The tech firm immediately examined the bug and mitigated its effect on the system. An investigation was also implemented to determine the incident’s impact.
After the investigation, Nedap discovered that an unauthorised entity exploited the system vulnerability by downloading sensitive medical documents through the Carenzorgt.nl portal. After knowing of the breach and the danger it could lead to the affected medical data, the healthcare tech firm reported it to the authorities.
Nedap also informed healthcare providers regarding the security breach on the Carenzorgt.nl portal. Currently, the Dutch authorities have yet to identify any proof of data misuse on the stolen data, but people are advised to stay alert about potential cyberattacks that may leverage their information.
It is still not confirmed whether the Nedap security breach is associated with the Dutch police’s arrest of the hacker who stole data from an unidentified healthcare software vendor. Nonetheless, experts highlight that despite the annual external audits and pentesting of healthcare institutions, there are remaining vulnerabilities left undetected, which hackers could abuse.
