Data Breach at Dutch Social Security Office Exposes Health Information

By Netvora Tech News

The Dutch social security office, UWV, has suffered a data breach due to human error, exposing health information of an undisclosed number of clients. According to the "Stand of Execution of Social Security" report, published yesterday, the agency reported 216 data breaches to the Dutch Data Protection Authority (AP) in the first three months of this year. Two of these breaches had a significant impact.

First Breach

In January, a UWV employee accidentally sent an internal email to a client, containing a document with personal data, including health information, of other clients. The recipient promptly deleted the email without opening it and informed the UWV. The agency subsequently notified the affected clients and the AP.

Second Breach

In February, another email breach occurred. A message with two attachments containing personal data, including health information of 158 individuals, was sent to the wrong recipient. The UWV reported this incident to the AP as well.

The UWV claims to have contractual codes of conduct in place that provide sufficient guarantees for the protection of those affected. According to the agency, the impact on affected individuals was therefore minimal, and it has decided not to inform them.

Ongoing Investigation

The UWV is currently investigating the possibility of storing documents in a single location to prevent similar breaches in the future.

The agency is working to improve its email security protocols to prevent human error.
The UWV is also exploring alternative methods for sharing documents, reducing the risk of data breaches.

The UWV is taking steps to address the data breaches and prevent similar incidents from occurring in the future. The agency's efforts to improve email security and document sharing protocols will help protect the sensitive information of its clients.