August was the third leakiest month of the year so far, with a massive 99 recorded data breaches and cyber attacks.
But, by contrast, only 36,673,575 records were confirmed to have been leaked, which is the fewest we’ve recorded since May 2018.
As always, we look at some of the more notable incidents involving European organisations in this blog.
County Cork woman received other patients’ medical files
The same month that Ireland’s Heath Services was revealed to have leaked 1,400 medical files since 2018, County Cork woman Rachel Healy revealed that she was twice emailed medical files containing other patients’ diagnoses.
The first breach occurred on 5 August, when Union Quay Medical Centre sent Healy information about another patient’s mental health diagnosis.
Nine days later, on 14 August, she received a patient’s STI results from myclinic.ie, a Dublin-based GP practice.
Healy told the Irish Mirror that she deleted the file she received from Union Quay Medical Centre, but after the second breach she felt compelled to make the incident public.”
She added: “After receiving both files within nine days I started to think, ‘has my medical information from any practice ever gone to someone it shouldn’t have?’
“Ireland is so small. If I had wanted to, I had all of that woman’s information and I could have contacted her or if the file got into the wrong hands it could have appeared on social media.
She added: “I believe it’s easy for patients to receive stuff via email but I don’t think medical results or medical information should be in any way emailed to people. If you have to send information like that, post it.”
In a statement, Union Quay Medical Centre said it had taken corrective action, including an investigation into how the incident occurred and a data breach report to the data protection commissioner.
Meanwhile, myclinic.ie said: “Like any GP practice we adhere to all GDPR laws and guidelines and handle our patient records with the highest level of sensitivity.
“We cannot comment on individual patient cases.”
Germany’s military-run transport fleet hacked
Germany’s federal government was informed last month that criminal hackers had infiltrated its FuhrparkService (BWFU) transport fleet.
The state-run organisation provides chauffeurs for parliamentarians and comprises 33,500 vehicles in 160 locations across Germany.
An initial investigation found that the BWFU’s IT network was compromised, but it’s not clear what information or systems were accessed.
In a letter to governing and opposition parliamentary groups, the Bundestag confirmed that “The attacker and the concrete targets of his [sic] attack are not known.”
It added: “At present, it is not known when the data centre was compromised for the first time, whether data was manipulated or whether data was siphoned off.”
The German defence ministry said that the incident resulted in all electronic links to clients – including the ministry itself, the military and the federal parliament – being capped.
“In addition, the (BWFU) management has called in a company specialized in the analysis and rectification of damage caused by such incidents.”
Personal details of staff released in Irish government IT breach
Staff and former staff at Ireland’s Department of Employment Affairs and Social Protection learned last month that their data had been inadvertently shared within the organisation.
The leaked data included pictures of staff displaying their PPSN (Personal Public Service Numbers), as well as elements of their personal files.
The leak reportedly came from the department’s Time and Attendance administrator system, which details staff working hours and human resources issues, including employees’ medical histories.
In a statement, the department confirmed the breach but didn’t disclose how many people were affected. However, it did confirm that customer data wasn’t involved.
Stay up to date with cyber security news
Are you looking for regular updates on the latest cyber attacks and data breaches?
Subscribe to our Weekly Round-up to learn what’s happening in the cyber security industry and receive tips on the steps you should take to protect your organisation.