In the rather crowded train I found myself sitting next to a man who was working
on his laptop. A quick glance at the device and the open programs identified
him as a colleague.

At one point he was in a phone conversation. I wasn't actively listening, but of
course I heard something. And what I heard made me very happy. To start with,
he spoke softly, and in short sentences. It was actually mostly listening and
occasionally responding briefly. I didn't hear him give any information. Neat,
colleague!

How different is the experience of a colleague who was sitting in the dentist's
waiting room. Well, it wasn’t really a waiting room; in a corner of the
reception there were some chairs. Behind the counter worked two assistants.
One, Tasha*, was clicking through computer screens with some despair in her
eyes and finally said: "I can't find Mrs. Decker's details in TND."
Her colleague Cindy asked for Mrs. Decker's date of birth. "Aha,"
said Cindy, "she's from 1999 and that's why she's not in TND yet. What's
her phone number, I’ll give her a call." Tasha read out the phone number
and Cindy made the call.

“Good morning Mrs. Decker, this is Cindy, assistant to dentist Crown. I need some
information from you to enter your treatment in our system. What are your
initials? ABG? Great. And your social security number? Yes of course, I'll wait
a moment. (...) Ah, there you are again. Yes, I'll write along. 1-1-2-7 5-5
9-5-0? Thank you. And finally, I need your address. 5 Brace Road? Great, then I
have everything complete. Shall we make the first appointment for your root
canal treatment right away? Can you come in on Friday at 9 o'clock? Fine. If I
can also have your e-mail address, I'll send you a confirmation. marly@decker.com?
Fine, then we'll see you the day after tomorrow. Have a nice day!”

Our colleague could hardly believe his ears. He now had a complete set of personal
details of someone and he knew when Mrs. Decker would not be home. Thanks to
the information about her treatment, he also knew that she would be away for a
while.

“Great, with this information I can commit identity fraud.” Or: “Great, I’ll get my
burglary tools ready.” I admit that the chance that the unintentionally shared
information accidentally ends up in the ears of a cyber or physical criminal is
not that great. But still: everyone feels in their bones that this never should
have happened. If you hear all this, then you know that they are handling your
data in the same way. You wouldn’t feel comfortable with that, would you? And
imagine that our waiting colleague was an acquaintance of Mrs. Decker. He runs
into her a week later: “Hey Marly, how is your tooth?” That would be strange,
wouldn’t it?

Of course there is also a legal problem. The unsuspecting, well-meaning dental
assistants have not only leaked personal data, but even medical data. Under the
GDPR (the European General Data Protection Regulation) these have the status of
special personal data, for which even stricter rules apply than for regular
personal data.

Tasha and Cindy were just doing their job. They can't help it that dentist Crown
thought a separate waiting room was a waste of money. They couldn't make the
phone call elsewhere either, because then Cindy couldn't enter the data into
the system. Data leaks are pre-programmed in this situation. Especially when
people are not aware of what is happening. A data leak is just around the
corner.

I also want to look at what happened on the other end of the line. What if it
wasn't the dental assistant who called Mrs. Decker at all, but someone who was
out to collect personal data? Of course, the chance that they would call when you’re
actually suffering from an aching tooth is small. But if you leave that
circumstance out, it's a different story. If someone you don't know asks for
data, tell them you'll call back. Then call the general number of the company
and ask for the person who just called you. If that's not possible, ask whether
they actually needed data. That way, you prevent yourself from leaking your own
data.
*) Of course, all personal and system data are the product of my
imagination.
And in the big bad world…
- Of course you can also just buy medical information at the flea market. [DUTCH]
- Healthcare has to deal with cyber threats. What these are is stated in their threat assessment. [DUTCH]
- Securing medical data is also problematic elsewhere in the world.
- 'Hybrid warfare' is a euphemism.
- Europol warns of child abuse via online communities.
- Smart traffic lights turn green thanks to your phone. [DUTCH]
- Signal users are being attacked via fake QR codes.
- The Dutch government is increasingly hesitant when it comes to the public cloud. [DUTCH]