Sensitive Dutch Medical Records Bought in Bulk at Flea Market in the Netherlands

A bargain hunter from the Netherlands stumbled upon a trove of sensitive medical records on a bunch of hard drives he bought from a local flea market.

Salvaged sensitive data from scrapped hardware

A man from the Dutch city of Breda unwittingly stumbled upon a trove of sensitive medical records belonging to Dutch citizens while thrifting for used hard drives.

62-year-old Robert Polet made the discovery after buying five 500GB hard drives for €5 (roughly $5.21) each and setting them up to expand his storage capabilities for photographs and drone recordings.

Numerous types of medical data found

Polet found 15GB worth of sensitive medical information dated 2011-2019, mainly of people living around the Delft, Houten, and Utrecht regions, including:

• Dates of birth
• Citizen service numbers (BSN, the Dutch equivalent of Social Security numbers)
• Home addresses
• Names
• Medication details
• General practitioner data
• Pharmacy data

Most files have been reportedly left untouched on the scrapped hard drives, but Polet also used deep scanning recovery techniques to salvage some of the deleted files.

Following the startling discovery, the man returned to the flea market and purchased another 10 hard drives from the seller.

Records originating from an out-of-business software company

According to broadcaster Omroep Brabant, Polet only managed to analyze two of the 15 HDDs, so more sensitive data is expected to surface following closer analysis.

“From an email exchange between Robert and an affected healthcare organization in the province of Utrecht, the ICT department states that the data originates from the company Nortade ICT Solutions from Breda,” as Omroep Brabant reported. “They implemented software for the healthcare sector, but the company no longer seems to exist. The website is no longer online and nothing can be found about the company in the trade register of the Chamber of Commerce.”

Wiping sensitive data is often overlooked

The standard procedure for companies that handle sensitive digital data is to officially erase disks and receive a document that certifies the wiping procedure.

However, this procedure costs money, and many companies resort to selling no longer-used hardware to refurbishers. From a cost perspective, it is obvious why many companies prefer the latter, especially those who struggle financially.

Safeguarding your privacy

While most data breaches occur due to security incidents (e.g., ransomware attacks), the effects can be equally devastating if they happen through carelessness or by accident.

Specialized software like Bitdefender Digital Identity Protection can help you stay prepared for when disaster strikes by letting you know the extent of your digital footprint.

It features a comprehensive dashboard of your online data, including traces from services you no longer use, notifying you instantly if you have been compromised by a breach, and helps you patch weak spots in your digital footprint with quick, one-click action items.