Privacy-sensitive data of general practitioners and other healthcare organizations has been compromised by an error by an accountant at PricewaterhouseCoopers (PwC).
Between last Feb. 25 and March 8, unauthorized persons were able to obtain data. These included names, addresses, bank account and VAT numbers.
A number of GP practices whose data were in the leaked database were notified by PwC. It concerns data from the Association of Healthcare Providers for Healthcare Communication (VZVZ). This organization is responsible for the National Switch Point (LSP) that facilitates the sharing of medical data between healthcare organizations.
PwC received the encrypted data from member organizations to audit financial statements. "The situation arose because of a misconfiguration due to human actions," explains Thomas Galestien, spokesman at PwC. "We immediately shut everything down, took security measures and mapped the situation." The exact extent of the data breach is not yet clear. PwC and VZVZ have informed the Autoriteit Persoonsgegevens (AP) about the data breach.
