According to Mirjam Sterk, Minister of Long-Term Care, Youth, and Sport, there’s no certainty that the criminals have destroyed the data they stole from ChipSoft.
Last month, ChipSoft, a Dutch manufacturer of electronic patient record software, was attacked by a ransomware extortion group called Embargo.
Initially, the software developer claimed that it was unlikely that patients’ personal information had been stolen or accessed, but couldn’t rule it out, either. A few weeks later, the company revealed that the attackers had managed to steal patients' personal data.
At the end of April, ChipSoft announced that all stolen data had been destroyed. “Our cybersecurity experts have confirmed that this destruction was carried out in a technically sound manner,” the company said in a statement.
However, Minister Sterk has doubts about the claims that ChipSoft is making.
“I would note, however, that it is impossible to determine with absolute certainty whether the stolen files have in fact been completely destroyed. At the request of the National Coordination Team, experts from Z-CERT, the cybersecurity agency in the healthcare sector, are in contact with ChipSoft to monitor whether this commitment is actually being fulfilled,” she writes in a letter addressed to the House of Representatives.
An investigation is currently underway by numerous supervisors into how patient records were stolen during the ransomware attack on ChipSoft.
“Based on the results of these studies, I will assess whether there is cause to establish additional requirements or guidelines regarding how patient data should be stored. If necessary, I will inform the House of Representatives of this,” Minister Sterk concludes her letter.
Although ChipSoft promises that all stolen data has been deleted, it remains unclear whether a ransom was paid to the attackers.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked