Since years, students employed part-time by the OLVG hospital group in Amsterdam have had full access to the medical records database.
The Volkskrant reported on Friday that they were now permitted to access private information about friends, family members, and renowned people.
A philosophy student who scheduled hospital phone calls revealed the breach.
Though they were supposed to be allowed to work wherever in the hospital, due to a glitch in the programme, all pupils had access to private files.
TPRM report: https://scoringcyber.rankiteo.com/company/olvg
"id": "olv153519223",
"linkid": "olvg",
"type": "Breach",
"date": "02/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Amsterdam',
'name': 'OLVG Hospital Group',
'type': 'Hospital'}],
'attack_vector': 'Insider Threat',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Medical Records'},
'description': 'Students employed part-time by the OLVG hospital group in '
'Amsterdam had full access to the medical records database, '
'allowing them to view private information about friends, '
'family members, and renowned people.',
'impact': {'data_compromised': 'Medical Records',
'systems_affected': 'Medical Records Database'},
'motivation': 'Unintentional/Curiosity',
'post_incident_analysis': {'root_causes': 'Program Glitch'},
'references': [{'source': 'The Volkskrant'}],
'threat_actor': 'Part-time Student Employees',
'title': 'Data Breach at OLVG Hospital Group',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized Access due to Program Glitch'}