[BreachExchange] Health Data on Nearly Every Dane Sent to Chinese Firm

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jul 21 20:13:34 EDT 2016


http://www.infosecurity-magazine.com/news/health-data-nearly-every-dane/

Sensitive medical data on almost the entire population of Denmark has been
accidentally sent to a Chinese state-linked visa office.

The Danish Data Protection Agency (Datatilsynet) admitted the error last
week.

It happened in February last year when two unencrypted CDs containing the
data were posted by the State Serum Institute (SSI) – a government-funded
organization tasked with combating infectious diseases.

They were apparently intended for Statistics Denmark, the country’s
equivalent of the UK’s ONS, but the envelope containing the CDs ended up in
the hands of the Chinese Visa Application Service Centre a few hundred
meters away.

An employee at the center opened the envelope “by mistake” and then went to
the Statistics Denmark office with it, explaining what had happened,
according to an SSI explanation on the Datatilsynet site.

The SSI said it doesn’t believe anyone at the center accessed the data, and
the watchdog claims it will take no further action, despite having
previously told the SSI that data must be encrypted before being sent by
post.

The data involved is highly sensitive, containing social security numbers
as well as health information related to cancer, diabetes, psychiatric
illnesses and more, according to Reuters. However, no names or addresses
were included, according to the watchdog.

The visa office is not directly run by the Chinese state, but is apparently
a unit of the state-owned Bank of China, so there are legitimate concerns
that the data may have been accessed.

It was claimed after the infamous US Office of Personnel Management attacks
that the Chinese state is building up a database of US citizens for
strategic purposes which could further its geopolitical and military aims
in the future.

Health information like that accidentally leaked by the Danish state would
certainly be strategically useful for a foreign power.

In total, data on 5,282,616 citizens residing in the Scandinavian nation
between 2010 and 2012 was on the two discs. The population at the time is
said to have been around 5.5 million – which means most of the country is
affected.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160721/bc17dac5/attachment.html>


More information about the BreachExchange mailing list