by Svip 3625 days ago
Correction: SSI sent a letter containing two unencrypted CDs containing CPR-numbers and health records for 5.28 residents in Danish municipals between 2010 and 2012 to the Danish statistics agency (Statistics Denmark).

Post Danmark (postal service) accidentally delivered the letter to the Chinese Visa Application Centre instead. When the employee responsible for receiving the letter noticed the mistake upon opening, the employee turned the letter with the two CDs over to Statistics Denmark.

According to the employee's story, this was done immediately. And the investigation team says they have no reason to doubt the validity of her story.

To sum up: The investigation team believe that the Chinese Visa Application Centre never actually saw the contents on the CDs. SSI sent the data unencrypted, and the postal service delivered the letter to the wrong recipient.

Edit: Changed wording from blaming the postal service.


That's the problem with blame culture. It needs to be someone's (emphasis ONE) fault, and then anyone else can breathe a sigh of relief and move on.

It's blatantly irresponsible that SSI even has the infrastructure to burn CDs with this information on it (it needs to live in a heavily secured, jealously guarded and scrupulously audited (ideally airgapped) computer system). If they absolutely need this capability, it's blatantly irresponsible to let such a CD out of the care of trusted employees -- and if they absolutely need to post it, they need to heavily encrypt it.

It's not meaningfully "the post service's fault".

I apologise, that summary was inaccurate. But parent's wording seemed to indicate that the SSI had sent the letter to the wrong recipient when that was not the case. I wanted to clear that up.

The problem is that SSI sent the data unencrypted.

The problem was that they sent it at all.
I hate to tell you this but such information is widely emailed around as Excel spreadsheet attachments by unthinking people. I would virtually guarantee it happens every day.
This is how the US debt collection system works according to an article I read a couple of years ago...
Likely the capability exists for when someone moves to another part of the country, and the local doctor wants to check the new patient's medical history.

Note also that the data was meant for what I assume is the national statistics office. Likely for investigating changes in Danish public health over recent years.

Unless by airgapped you mean to build a separate, free standing, network just for delivering medical records to doctor's offices around the nation.

First, this is not about doctors exchanging patients' medical histories, it's about two central government offices exchanging everybody's medical histories.

Second, the fact that security is (really!) hard is not a valid argument against doing it.

Third, there's a huge difference between the appropriate levels of security around individual patients' medical histories, a single doctor's office worth of patients' data, and then the collective medical histories for every single patient in the nation.

> Third, there's a huge difference between the appropriate levels of security around individual patients' medical histories, a single doctor's office worth of patients' data, and then the collective medical histories for every single patient in the nation.

Hang on: If you're extracting an individual's medical data and putting that on a USB stick you better make sure it's encrypted, and that there are audit trails in place for who extracted the data, when, and why, and where they put it.

Yes, if it's everyone's data you have a senior member of staff drive over and deliver it by hand; Denmark isn't very large.
That it is hard isn't an excuse. That the customers don't pay for security is. And by pay I mean not only the paycheck but also funding and giving prestige and power to doing so. Government IT security is often seen as a necessary evil and most troubles stem from that view.

If you buy a cheap knockoff don't complain when it turns out to not be as good.

How long does a modern machine need to copy off the contents of a couple of CDs? Were the discs in tamper-evident packages?
Not long, I'd imagine. But again there is little to no way to figure out for sure whether the Chinese government has this information. The story really highlights the careless handling of data, because the chances of the Chinese government (or any other third party) getting access to these data are way too high.
> But again there is little to no way to figure out for sure whether the Chinese government has this information

Assume they have it.

Let's assume they have it.

What kind of interest would you say the Chinese government has in the health records of a few million Danish residents? I don't know, maybe it's really important, but then maybe it's not that critical after all.

Hi, nice to meet you Johan! Can I get you a drink? Oh, you're an electrician? That's nice, I sell light fixtures.

...

Good to see you again Johan! You'll never believe, I was down at XYZ Clinic yesterday, and they'd left your file out!! Careless right? How did you break it to your wife you had herpes? Oh, she didn't know?! Man, sorry I mentioned it, I'll keep that quiet for sure.

...

Man, it's been a hard month Johan. Sales are down! Hey, you told me you worked at the DaneSecure building right? Oh you didn't? Someone else must have told me that. But look, don't worry. I can keep secrets!! Look could you do me a favour? I need to know what kind of light fixtures they use at DaneSecure so I can pitch to them. Could you take a look and let me know? I'd like to know what kind they are, and specifically, how many are installed on Level 7. You know we're friends, because you know I can keep my mouth shut.

...

Johan, we have a problem!!! My boss said that because we're Chinese-owned, you telling me about the light-fittings in a classified area is technically passing on state secrets!!! You have a lawyer right? No?! OK, here's the plan, don't tell anybody, and we'll figure a way to keep us both out of jail!

...

Are you OK Johan? You look kind of pale. You haven't been worrying about this all week have you? Oh you have? OK well don't worry, I've got a solution. My boss has said he thinks he can stop our corporate lawyers reporting it, and we'll both be fine. There's a small catch favour he wants from us though. He needs to know the power consumption of the floor to help us tailor our pitch. Do you think you could plug this thing in to a light fixture for me? I think we're both going to be fine...

...

Johan, I have some bad news for you? Remember I said I sold light fixtures? Well that wasn't the whole truth...

You forgot the part after step two where Johan the electrician beats the shit out of the little Chinese guy.
I'm confused. Who is this mysterious stranger who doesn't sell light fixtures?
Probably none, but you don't stay a power in the modern world by turning up your nose at any kind of information that comes your way.
They can use it to track the movements of Chinese residents abroad, to blackmail Danes who are assisting Chinese dissidents, run scams at doctors' offices or insurers in order to get documentation for spies. I am sure there is more, I am no expert in this sort of thing.
Plus identity theft to help spies assume a false identity when gathering information. And of course: Selling the health records to insurers in order to allow them to set prices for prospective customers. I'm sure insurance companies would pay nicely for this.
Executive blackmail I imagine. You're a Chinese billionaire with connections to the government, you are in the midst of a deal with a large Danish corporation, you email your government contacts for the medical records of all the executives of that company. You find out one is an alcoholic, one has recently contracted herpes (and his wife hasn't), and so forth.
Assume they had it already.
Was the postman of Chinese descent?
Virtually all spy agencies recruit foreign nationals to do their dirty work.

Also your question has a 1 in 5 chance of the answer being "Yes".

> Also your question has a 1 in 5 chance of the answer being "Yes".

Assuming a uniform distribution of postman nationality. If we go by the CS literature, postmen seem always to be Chinese. :)
Why does it matter?