2 min

Medworq, a software provider for general practitioners in the Netherlands, has stored and shared unencrypted patient information for years. A whistleblower recently shared the news with Follow The Money, a platform for investigative journalism.

Medworq stored unencrypted patient information of at least 35 general practitioners. The data was shared with third parties without permission. The details of approximately 72,000 patients are involved.

The information was gathered via Medworq’s Insider dashboard, which allows general practitioners to compare patient data with insights from other practices. This is supposed to lead to better diagnoses and more efficient healthcare. The amount of general practitioners using Medworq is unknown.

Access by pharmaceutical companies

According to the whistleblower, internal documents and research by Follow The Money, Medworq held copies of patient data that should have been protected by law. This data was non-anonymised and unencrypted.

In addition to employees, financiers of the software company had access to the data. These included pharmaceutical companies GlaxoSmithKline, Amgen, NovoNordisk and Boehringer Ingelheim. GlaxoSmithKline, the largest financier, allegedly held a copy of Medworq’s entire database.

Medworq responds

In a response, Medworq’s board refutes the claim, noting that the patient data involved was destroyed in early 2020. It also states that the financiers had no access to the data. Furthermore, the board indicates that the data seen by Follow The Money was obtained through a data breach, of which the company was informed by a government agency.

The whistleblower is now said to be the subject of criminal proceedings. Medworq distances itself from the article and states that “it does not paint a proper picture of how Medworq handled personal patient data”.

Tip: Ericsson financed the Islamic State (IS) in major corruption scandal