Hundreds of test results carried out in recent years by the nationwide network of medical laboratories ALAB have been leaked to the Internet. You can check whether criminals have our data.
Medical data of up to 50,000 Poles could be made available on the Internet. This is the result of a hacker attack on one of the largest nationwide networks of medical laboratories, ALAB. This is a company that carries out this type of activities for most private medical networks. Criminals threaten that if they do not receive a ransom, they will publish the rest of the illegally obtained data.
ALAB patient data leak. How to check your data?
According to hackers, this is just a trial leak, and the real one may be much bigger. According to the Zaufana Trzecia Strona portal, the criminals allegedly intercepted as much as 5 GB of medical data, as well as 1 GB of contracts concluded by ALAB. These are to be documents from 2017-2023.
You can check whether our data also ended up in the hands of criminals. The government website BezpieczneDane.pl recommends going to the websitebezpiecznedane.gov.pl/sprawdz-email and checking for a possible leak using a trusted profile (the steps are described at the link provided).
And how can we control whether someone has used our personal data? It is no longer possible to act pre-emptively here: you should monitor your bank accounts and payment cards for unauthorized transactions. “It is also worth checking your credit history regularly at the Credit Information Bureau to identify potential irregularities or suspicious activities. It is also important to carefully monitor the correspondence received and respond to any suspicious notifications or requests for personal information,” we read on the BezpieczneDane.pl website.
However, patients who have used ALAB’s services should not panic immediately. The criminals admitted that they had the results of over 54,000 tests that were commissioned to ALAB by three contractors:
– clinic from Łomianki (research period: October 31, 2017 to May 26, 2020),
– clinic from Warsaw (research period: March 23, 2021 to April 27, 2023),
– medical practice from Łódź (research period: April 21, 2021 to September 27, 2023).
There is no information about leaks from other facilities.
Data leak. What can criminals use them for?
“The company would like to assure you that the matter is being treated as a priority and with the utmost seriousness. The main goal of the Company is to clarify the incident in cooperation with authorized public institutions,” ALAB assured in a statement.
It also lists possible negative consequences for patients. Belong to them:
third parties obtaining loans from non-bank institutions, to the detriment of persons whose data was breached, because many such institutions allow obtaining a loan or credit in an easy and quick way, e.g. via the Internet or by phone without the need to present an identity document,
obtaining access to health care services provided to persons whose data was breached and their health data, because access to patient registration systems can often be obtained by telephone by confirming one’s identity using a PESEL number,
exercising the civil rights of persons whose data was breached, e.g. to vote on participatory budget funds, which in turn would prevent persons whose data was used in an unauthorized manner from exercising their rights,
fraud of insurance or insurance funds, which may result in negative consequences for data subjects in the form of problems related to attempts to attribute responsibility for such fraud to them,
registering a pre-paid phone card, which may be used for criminal purposes.
Let us emphasize: these are possible consequences. It is unclear how criminals want to use the stolen data.
Reserve your PESEL number
From November 17, 2023, you can reserve your PESEL number – using the mObywatel application or in person at the headquarters of any commune. The Ministry of Digital Affairs explained that the system is ultimately intended to protect Poles against possible consequences of identity theft – we read on the WP Finanse website. This possibility will not immediately open a security umbrella over us: banks, loan companies, telecommunications operators and notaries will be obliged to check whether their client’s PESEL is not restricted only from June 1, 2024. Currently, they do not have such technical possibility.