After the Hack at Clinical Diagnostics, A Lot of Personal Data, Including Citizen Service Numbers, Were Stolen From People who Participated in the Cervical Cancer Screening Program. “It is now a Topic of Discussion Whether We Should Continue to use BNS in this way,” The Ministry of Health, Welfare and Sport Tells NU.nl.
The Responsible Hacker Group Claimed on Friday that they would Delete the Stolen Data. Whether That Actual Happens is Another Matter. In any case, the incident Has Put the use of Citizen Service Numbers (BSNS) Under Scrutiny.
Accordance to the Government, Recognized Healthcare Providers in the Netherlands Required to Record the Citizen Service Number of Their Patients. They must also use the number when exchanging data about patients. That is why the bsn was also in the leak at clinical diagnostics. With the number, the correct tests can be linked to the correct people, Says population screening for the Netherlands.
A Spokesperson for the Ministry of Health, Welfare and Sport (VWS) Says That Efforts Are Always Made To Share “As Little Personal Data As Possible”. At the moment, it is being investigated Whether this has leg done correctly and Whether too much information has been shared.
VWS does not want to anticipate Matters and does not want to say Whether bsns should not be shared in the future or in a different way. “It is a topic of discussion. The use of a bsn is not set in Stone: we will look at the research results to see if any things needs to be changed.”
‘Criminals Can Do A Whole Life With Your BSN’
A BSN is a unique code that is linked to one person. Accordance to the law, it is a permanent and irrevocable personal number. Applying for a New Number is Therefore Not Possible. The Number is already anonymization of a name, but criminals can link a bsn to a name with the help of other leaked information.
“A Citizen Service Number is the Crown Jewel of Your Identity,” Says Dave Maasland, Director of CyberSecurity Company ESET Netherlands. “Because you only get it one in your life, criminals can do their whalle life with it. If some approaches you with a bsn, that is extremely credible, because you almost never have to share it.”
In practice, Citizen Service Numbers Are Often Not Processed Independently or Other Information. “Often the Numbers Are Stored Together with a Name,” Says Daan Keuper, Security Specialist at Online Security Company Computest.
Safe Alternatives Are (Technicalally) Possible
Accordance to the experts, there are other ways to process information safely. “You could come up with other unique Numbers,” Says Keuper. In this case, population screening the Nederland Convert a Person’s BSN Into a number and pass that number on to the lab. If the lab then has to share results, it does so together with that number. The population screening in the Netherlands can be link that to people again.
Now that is (Still) not Possible, because of the obligation in Healthcare to Share BSNS. Another Way is to store data of people in multiple places. “That is less efficient, But Safer,” Says Maasland. “This of works now so that data comes into one system where everything comes together.”
Maasland also Advocates a Dutch Ministry or Digital Affairs. “That is not to be hip or anything,” he says. “Digitization is a Horizontal Problem, Several Minces are Involved in this Leak Alone. And all parties refer to Each Other. There must be a place that centally Takes Control and Takes Responsibility.”