The investigation into the Asper Biogene data leak that came to light last week is still ongoing, while at least one case is already known where an attempt was made to extort money from a person in connection with the data leak.
When the data theft case became public, police warned that scammers could take advantage of the situation and that people should be especially careful when someone asks about their health data.
Police told ERR that they have so far received one report of a case in which Asper Biogene’s data leak was used for blackmail.
“The police are investigating a case where a person was called and informed that his data had been leaked. In this regard, we also proactively made a public notification last week so that people were attentive to the content of emails sent to them. Under no circumstances should you click on any web link or do anything until you are absolutely sure that the sender is indeed a real healthcare worker,” said Jaanus Juhanson, head of the Prefecture’s Cyber and Economic Crimes group of the South .
“If people want to ask further questions about the leak of their data, they should do so with a digitally signed statement or by another means that allows for personal identification, so that the healthcare provider can ensure that the person requesting the data is who is asking. pretend to be,” he added.
Asper Biogene’s general manager, Hardi Tamm, told ERR that the criminals have not approached Asper Biogene again, nor have they made any new ransom demands or other threats.
Juhanson said evidence gathering in the criminal case is currently underway and no one has been charged under suspicion.
“In this investigation, international cooperation also needs to be done to collect evidence, so it will take time to clarify the circumstances,” he said.
The criminal case takes place according to the section of the Criminal Code on illegal access to a computer system. The chief prosecutor of the Southern District Prosecutor’s Office, Kretel Tamm, said the criminal can be fined or sentenced to up to three years in prison.
To clarify the circumstances of the data leak at Asper Biogene, the police initiated a criminal case and the Data Protection Inspectorate initiated a supervisory procedure.
The procedure is still ongoing at the Data Protection Inspectorate
Tamm said some data was downloaded, but he couldn’t say whether it was all the data collected since 2009 for the investigation.
When asked whether (health) data on people or rather reports on this data are downloaded, Tamm replied that these are rather reports.
“Our data is mostly analysis-specific. To clarify, it is reasonable to divide the entire activity into two directions: medical genetics and tests aimed directly at the consumer. In the first, the analysis performed is personalized, that is, there it is a name and personal identification number, while in the second it is not. In the case of genetic tests aimed directly at the consumer, the identity is not verified nor is the transport of the samples to the service provider tracked, which is why the results cannot be legally linked to specific people and their personal data. Therefore, in the case of the test ordered at home, no one checked the correspondence between the applicant’s name written on the answer and the real person,” Tamm said.
The Data Protection Inspectorate told the ERR that the procedure is ongoing, it is not possible to say how long it will last and how big the fine will be.
The director general of the Data Protection Inspectorate, Pille Lehis, said that the health data of 10,000 people illegally downloaded from the Asper Biogene database includes paternity tests and genetic diseases, and some of them are easy to understand and directly linked to a specific person.
Lehis added that among the 100,000 data units there are analysis responses with a person’s name, personal identification number and so on, PDF documents, some of which are also very easy to understand. “In some cases, a person can be assembled with health records,” Lehis said.
Tamm said that incorrect information reached the media last week, as if Asper Biogene was also carrying out fertility tests. The company, in fact, carries out genetic tests for over 2,000 diseases and diagnoses diseases with a significant genetic component (for example predisposition to hereditary cancer or thrombosis). Direct consumer testing is also carried out.
Last week it was revealed that files containing health data were illegally downloaded from the database of genetic testing company Asper Biogene. Around 10,000 people’s personal and health data were downloaded from the database.
2023-12-24 13:24:00
at-least-one-case-of-extortion-is-known-after-the-asper-biogene-data-leak-estonia