Paternity and fertility tests among data stolen in Asper Biogene cyberattack

Among the health data illegally downloaded from genetic testing company Asper Biogene's database were details related to paternity and fertility tests. Some of the data is easily understandable and can be directly connected to specific individuals, Pille Lehis, director general of the Data Protection Inspectorate, said on ETV morning show "Terevisioon.".
"Paternity tests, fertility tests, [tests related to] genetic conditions, very sensitive data," Lehis said in response to a question from the show's presenter, regarding the nature of the data leaked.
"The precise content of the data will become clear in the course of the procedure," she said, adding that among the 100,000 data items illegally downloaded were some analysis responses which contain individuals' names, personal identification numbers and other details on pdf documents, some of which are also very easy to interpret.
"In certain cases, the person is matchable with their health data," Lehis said.
A total of 33 gigabytes of data, spanning from 2009 to the present day, was obtained in the attack.
"People [whose data was leaked] are generally those who have contacted a healthcare provider. We're mainly talking about patients in hospitals," Lehis said.
On Thursday, Lehis said that the consequences of the leak could have been mitigated if the health data had been encrypted or pseudonymized by Asper Biogene. That is, kept independently of patient names and personal identification codes.
On Thursday, the State Prosecutors Office said that files containing personal and health data belonging to approximately 10,000 people were illegally downloaded from the Tartu-based genetic testing company Asper Biogene's database.
Asper Biogene, which specializes in the diagnostics of hereditary diseases, alerted the Police, the State Information System Agency (Riigi Infosüsteemi Amet), and the Data Protection Inspectorate on November 11.
A criminal investigation has been launched by the Southern Prefectural Criminal Bureau which is in the process of collecting evidence. The Data Protection Inspectorate (Andmekaitse Inspektsioon) has also initiated a supervisory procedure against the data processor.
Approximately 100,000 files were copied and downloaded. The database contains 10,000 people's information and those affected will be notified personally by their health care providers.
It is not yet known exactly what was downloaded, but it is known some of the files contained genetic testing results ordered by healthcare providers and individuals from the company.
--
Follow ERR News on Facebook and Twitter and never miss an update!
Editor: Michael Cole