Number of data breach reports in care sector still on the rise

07 November 2019

In the first six months of the year, the Dutch Data Protection Authority (Dutch DPA) received close to 12,000 reports of data breaches. DPA research shows that most of this year’s data leaks (31%) happened in the healthcare sector.

If this trend continues, the privacy watchdog anticipates a 14 per cent increase compared to the previous year. The new GDPR* laws make it mandatory for care institutions to become even more cautious when handling personal information and to organise a more secure identification process.

Data breaches

A report by the DPA shows that the highest risk factor is sending private information via email. That information can fall into the wrong hands, increasing the risk of a breach. This type of data leak was the one most frequently reported to the DPA. Based on this information, the agency was able to conclude that care providers must become even more diligent in complying with GDPR* guidelines.


GDPR legislation 

Since the GDPR came into force on May 25, 2018, care facilities and institutions are required to comply with the principle of accountability. This compliance places the burden of proof on healthcare providers to show that they are following the privacy regulations regarding identification processes and medical files.


Privacy rules oblige healthcare facilities to identify their clients and patients and to maintain medical records. Medical files contain, among other things, information about health and treatment, as well as general personal information such as a person's BSN (Citizen Service Number for the Netherlands). Care facilities do have the option of using a third party to process that personal data, including the BSN.


Simply and safely transfer the identification process to a third party

To comply with the regulations of GDPR legislation and to guarantee the safety of privacy-sensitive information, healthcare institutions are advised to deal with the secure sending, processing, and storage of personal information. By integrating DataChecker’s services, the whole identification process can safely and simply be taken off your hands.


*GDPR = General Data Protection Regulation