Hacker breaks into Luxembourg healthcare database

Photo: dpa-tmn

(CS) Over 48,000 medical files on licensed athletes in Luxembourg have been hacked, after a patient discovered his doctor's database username and password on a post-it.

The hacker visited his doctor where he discovered the username and password for the medical database stuck to the doctor's computer screen on a post-it.

He was then able to break into the dossiers of the “Service médico-sportif”, dating back to 2005. All medical data, such as injuries and surgeries are noted in the files, as well as personal details including addresses and information on the parents.

Pirate Party criticises Medico

Luxembourg's Pirate Party has used the occasion to voice criticism on the Medico database and the shortsightedness with which the government was handling sensitive information.

Luxembourg Pirate party head Sven Clement said in a press statement that the “government is underestimating the dangers of large databases with personal information.” The development of a reliable security system should be the top priority, continued Mr Clement.

While it has been suggested that the hacker is a member of the Grand Duchy's Pirate Party, Mr Clement told wort.lu/en that this information could not be confirmed at this point, and that no questioning of the party's members on the matter had taken place.

Sports minister Schneider wants to find culprit

In the meantime sports minister Romain Schneider has condemned the incident, saying that the culprit was a thief who had stolen a password, rather than a hacker.

Speaking to a DNR journalist, Schneider was confident that the trace of the offender would be tracked, saying the ministry was seeking judiciary measures.

Additionally, Schneider said that not all 48,670 files had been viewed, but in fact only a small part of this number.