The National Police in the Netherlands arrested a 19-year-old man from ‘Krimpenaan den Ijssel’ for allegedly breaching a healthcare provider’s software system and stealing personal and medical data. At this time, however, it was not yet determined if the hacker shared or attempted to sell the stolen data, which is common in most data breaches.
Stolen medical data is fairly popular on the black market. It’s commonly used for a wide variety of fraud and phishing schemes, mainly for helping criminals find new attack methods.
The National Police didn’t reveal the name of the company impacted by the data breach, but they filed a complaint immediately after discovering it. The security incident then triggered an investigation, with this being the first arrest made by the police. The 19-year-old man was released after questioning, but he still remains a suspect in the case. The police traced the man after receiving a report from the hacked company before starting to examine the evidence collected during the arrest made at the suspect’s home.
“The suspect’s home was also searched, and various data carriers were seized. The investigation into the stolen data can take quite some time,” the police said in a press release on Tuesday. “Whether the data was further distributed or sold cannot be said with certainty at this time.”
While the police did not disclose the name of the company that was breached in its announcement, BleepingComputer found a press release from Dutch technology company Nedap disclosing a recent hacking incident.
“In the morning of Monday, 17 October 2022, Nedap was made aware of a vulnerability in the Carenzorgt.nl system, a digital health environment,” explained the company in its press release on Tuesday.
“Nedap investigated the vulnerability, resolved it immediately, and then initiated an investigation into the possible impact of this incident,” Nednap added. “This revealed that this vulnerability was recently misused. Documents offered by healthcare providers through Carenzorgt.nl have been downloaded unauthorized.”