Database breach at genetic research company in Estonia

On 14 December 2023, the Estonian Data Protection Inspectorate (DPI) announced that a cyberattack had resulted in a data breach at Asper Biogene OÜ, a company specialising in genetic testing. Asper Biogene informed the police, the DPI and the Information Systems Authority (RIA) that an unauthorised person had accessed their database and downloaded various files.

The DPI said that around 100,000 different files were downloaded from the database, containing the personal data and health information of around 10,000 individuals. These individuals will be individually notified of the data breach by those who ordered genetic tests from Asper Biogene. The DPI has also released a list of 43 companies providing healthcare or other services that were affected by the incident.

DPI explained that the authorities are still working to determine the exact contents of the files and the full extent of the data affected by the leak. This work is aimed at identifying potential risks to the privacy and security of patient data, as well as assessing the potential consequences of the breach for those whose data may have been misused.

DPI has asked all entities that have worked with Asper Biogene to take additional precautions to protect patient data and prevent further privacy breaches. The DPI recommended strengthening IT security procedures, regular reviews of systems and continuous monitoring of network activity.

In addition, the DPI pointed out the need to take awareness-raising measures so that patients are aware of the possible risks associated with a breach of their data. Patients are advised to monitor their credit reports and be alert to potential fraud or unauthorised use of their data.

Asper Biogene, working with the relevant authorities, has taken steps to secure its systems and prevent similar incidents in the future. The company has committed to conducting a comprehensive security analysis and implementing additional data protection measures.