Select your nation of interest

Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
DUTCH SUPERVISORY AUTHORITY: sanction to professional dental office for unsafe websites for patients

DUTCH SUPERVISORY AUTHORITY: sanction to professional dental office for unsafe websites for patients

The Dutch Personal Data Protection Authority (AP) has sanctioned, with a fine of 12.000 EUR, a professional dental office. The office has been sanctioned because new patients have registered on a website which was unsafe. This was jeopardizing patients and their sensitive data, like their BSN, which shall fall into wrong hands.

When we register at a professional dental office, we give a mix of personal data under a confidential way. Those data are necessary for the orthodontic practice, but at the same time are so useful for hackers. Take care of patients means also take care of their personal data. This is not true only for big health companies but for each health service provider.

Complaint for privacy breach

The website, which was not protected, of the office was found out after the complaint of someone to AP. Since this case refers a lack of safety in the health sector – for which there are high standards – AP has seen the complaint as a reason to start an investigation.

The web form that new patients were using in order to register them selves includes all the required fields for all the personal data of the patient. And also data of parents, of the general doctor, the dentist and the insurance company.

All the data that were inserted into the form were then sent to the professional dental office by an encrypted connection – so a connection no protected.

Extra protection for children

The majority of patient of a professional dental office are children.

For this reason, data here mentioned refer to children. They a particular vulnerable group when we talk about privacy legislation. For this reason, they have an additional legal law in order to avoid that their data are abused.

Sensitive information

You must be able to assume that your service providers not only treat your data confidentially, but that they also take the security of your data very seriously and organize it properly. Unfortunately, this is not always the case. Violating the confidentiality of this sensitive information can be a significant risk for someone. This can lead to fraud, for example.

The sanction is not yet irrevocable. The professional dental office opposed the sanction imposed. According to the PA the exception is unfounded. An appeal is still pending against this.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DEI PAESI BASSI – AP

Team Privacy & Data Protection
11 June 2021

Recommended to you

Apple: 0-day detected in WebKit rendering engine (AL02/250312/CSIRT-ITA)

12 March, 2025

Adobe: Security Updates (AL03/250312/CSIRT-ITA

12 March, 2025

Joomla! Updates (AL04/250312/CSIRT-ITA)

12 March, 2025

HONG KONG SUPERVISORY AUTHORITY: Publishes Investigation Findingson the Data Breach Incident of the Companies...

12 March, 2025

Zoom Vulnerability (AL05/250312/CSIRT-ITA)

12 March, 2025

Laravel: Public PoC for CVE-2024-13919 Exploitation (AL06/250312/CSIRT-ITA)

12 March, 2025

Resolved vulnerabilities in Cisco products (AL07/250312/CSIRT-ITA)

12 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

12 March, 2025

Schneider Electric: Vulnerabilities discovered in various products (AL03/250311/CSIRT-ITA)

11 March, 2025

Siemens Product Updates (AL04/250311/CSIRT-ITA)

11 March, 2025

Ivanti March Security Update (AL05/250311/CSIRT-ITA)

11 March, 2025

Fixed vulnerabilities in Google Chrome (AL06/250311/CSIRT-ITA)

11 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

11 March, 2025

Vulnerabilities discovered in Fortinet products (AL07/250311/CSIRT-ITA)

11 March, 2025

LATVIAN SUPERVISORY AUTHORITY: Can my personal data be transferred to extrajudicial debt collection or...

11 March, 2025

CROATIAN SUPERVISORY AUTHORITY: A new coordinated action by the EDPB has begun: the right...

11 March, 2025

CISCO Product Updates (AL01/230112/CSIRT-ITA)

10 March, 2025

HONG KONG SUPERVISORY AUTHORITY: A Female Arrested for Suspected Doxxing Arising from Online Shopping Dispute

10 March, 2025

Vulnerability in QNAP Products (AL01/250310/CSIRT-ITA)

10 March, 2025

ICELANDIC SUPERVISORY AUTHORITY: Information obligation for automated decision-making

7 March, 2025

Advanced Research