Dutch hospitals have reported 304 potential leaks of sensitive information to the Dutch data protection agency DPA since the beginning of this year, Trouw said on Thursday.

Reporting has been compulsory for a wide variety of organisations since the start of this year.

The agency has refused to give any information about the size and type of the leaks, saying it would be too easy to trace the hospitals which are responsible. But in general, the leaks are mainly caused by unsecured connections and human error, the agency said.

One case which hit the headlines earlier this year was the loss of an unencrypted hard disk containing information about 800 patients attending the Antoni van Leeuwenhoek cancer hospital in Amsterdam.

In total, 4,700 different organisations reported potential leaks to the agency, with around 25% coming from healthcare providers.

Necessary

‘There is a great willingness to comply with the reporting requirement, so a report is made even if there are doubts about whether it is necessary,’ a spokesman for the Dutch hospitals association told Trouw.

The loss of a flash drive and a mailing which is sent out without addresses being screened off are also considered data leaks, Trouw said.

Organisations which fail to comply can be fined up to €820,000.