How a large Dutch health organization dealt with a data leak

National Cancer Institute

Meint Post

17 June 2024

In the spring of 2024 SecuMailer was asked to help manage the after-effects of a sensitive data leak. The results of a highly private health investigation had been shared with all recipients of that investigation, which was not the intention. The health organization needed to reach out to everyone who had inadvertently received the outcome of the health investigation. Because the corrective email itself contained sensitive health information, it required additional security. The health organization asked SecuMailer to help deliver these emails with additional two-factor authentication for the recipients.

NTA 7516 standard

The Netherlands has a specific standard for delivering health and medical information via email: the NTA 7516 standard, of which SecuMailer is one of the founding members. SecuMailer wrote the first version of this standard, after which it was adopted by the Dutch government and handed over to a committee to develop into a broad national standard.

Compliance

The NTA 7516 standard has a set of functional and technical requirements which are verified via an independent audit process. SecuMailer complies with all requirements and has been audited by three different audit parties, as it was part of the initial launch group for this standard. All certified audit parties got a chance to practice on SecuMailer, as it was the gold standard for implementation.

The business problem

The challenge for the health organization was twofold: ensure that the corrective email did not turn into another data leak, and create a personalized, secure email based on a CSV export of the source data systems.
This is where the SecuMailer SaaS solution came in. The platform is certified for GDPR and NTA 7516 and is a qualified EU Trust Service Provider, ensuring that data security and data privacy are treated at the highest levels of integrity and confidentiality. One of the requirements of NTA 7516 is two-factor authentication for senders and recipients. This covered one of the main requirements of the health organization: ensuring no repeat data leaks for this highly sensitive project. The second requirement was met by the platform's unique capability to generate secure, personalized emails based on a data set.

Proposed solution

The health organization delivers the source data for the secure emails via a CSV upload. The upload targets a secure S3 bucket, with S3 KMS encryption securing the data at rest and a TLS 1.3 connection protecting the upload itself. As soon as the upload completes, an encrypted SQS message is fired off and the SaaS platform gets to work. The encrypted SQS message is received by a Lambda, which processes the CSV file in memory: it checks for data quality issues, weeds out any incorrect entries and stores the cleaned CSV file in another S3 bucket. The same encrypted-SQS mechanism kicks off a second Lambda, which picks up the CSV file and turns its contents into personalized emails, based on a template provided by SecuMailer and customized by the health organization. As a last step the generated emails are stored in another S3 bucket, triggering an encrypted SQS message that invokes the last Lambda in the email personalization flow. This last Lambda drops the emails on an SQS delay queue, so that delivery does not cause a huge spike in load on the SaaS platform.
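As an added example of what the data-quality step of the first Lambda could look like (example code written for this article, not SecuMailer's own; the column names, validation rules and bucket name are assumptions):

```python
"""Lambda step that validates the recipient CSV before it is turned into personalized mail.
Column names, rules and bucket name are assumptions for this example, not real ones."""
import csv, io, json, re
from typing import Dict, List, Tuple

REQUIRED = ("recipient_email", "salutation", "last_name", "case_reference")  # assumed columns
CLEAN_BUCKET = "PLACEHOLDER-clean-bucket"                                     # assumed name
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def clean_recipients(csv_text: str) -> Tuple[List[Dict[str, str]], List[str]]:
    """Return (valid rows, rejection reasons). Bad rows are dropped and reported, never
    guessed at, so a corrective mail cannot go to an address the source did not contain."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [], [f"header missing columns: {missing}"]
    good, rejected, seen = [], [], set()
    for n, row in enumerate(reader, start=2):  # line 1 is the header
        row = {k: (v or "").strip() for k, v in row.items() if k is not None}
        addr = row["recipient_email"].lower()
        if any(not row[c] for c in REQUIRED):
            rejected.append(f"line {n}: empty required field")
        elif not EMAIL_RE.match(addr):
            rejected.append(f"line {n}: malformed address")
        elif addr in seen:
            rejected.append(f"line {n}: duplicate address, one mail per recipient")
        else:
            seen.add(addr)
            good.append(row)
    return good, rejected

def lambda_handler(event, context):
    """S3-notification-via-SQS entry point; boto3 is imported here so the validation
    logic above stays importable and testable without AWS."""
    import boto3  # present in the Lambda runtime
    s3 = boto3.client("s3")
    for sqs_record in event["Records"]:
        for s3_record in json.loads(sqs_record["body"]).get("Records", []):
            bucket = s3_record["s3"]["bucket"]["name"]
            key = s3_record["s3"]["object"]["key"]
            text = s3.get_object(Bucket=bucket, Key=key)["Body"].read().decode("utf-8")
            good, rejected = clean_recipients(text)
            print(json.dumps({"key": key, "accepted": len(good), "rejected": rejected}))
            out = io.StringIO()
            writer = csv.DictWriter(out, fieldnames=list(REQUIRED))
            writer.writeheader()
            writer.writerows({c: r[c] for c in REQUIRED} for r in good)
            s3.put_object(Bucket=CLEAN_BUCKET, Key=key, Body=out.getvalue().encode(),
                          ServerSideEncryption="aws:kms")  # KMS encryption at rest
```

The log line carries only counts and line-level reasons, never the addresses themselves, so CloudWatch does not become another store of recipient data.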

All data in S3 is scanned with AWS GuardDuty for S3. Any findings are fed into AWS Security Hub, the single pane of glass that SecuMailer uses to bring its threat intelligence and security baseline monitoring activities together into one comprehensive overview.

The next step is for the SaaS platform proper to process the generated emails. All email is processed on the AWS Lambda serverless platform. This offers unparalleled data security and data privacy advantages, which are key for the health organization. Because there are no permanent physical or virtual servers, there is no data residue after processing emails: the containers used for Lambda processing are deleted after running, so no traces are left behind. There would be no risk of an additional data leak with this technology.
SecuMailer uses AWS DynamoDB for storing metadata, combined with KMS encryption for data at rest. To safeguard the integrity and availability of the data, the platform uses DynamoDB Global Tables and Point-In-Time Recovery (PITR). During processing of the emails, temporary data storage is based on AWS S3 with KMS encryption for data at rest, meeting all of the health organization's requirements with regard to data security.

Before emails are delivered, the SaaS platform investigates the recipient mail server(s) and determines whether they are secure enough to deliver the email to. SecuMailer has developed its own SmartTLS engine to query the recipient mail server and verify its TLS version and its configured cipher suite. It checks for self-signed certificates, expired certificates and missing root or intermediate certificate authorities. The SaaS platform does the scanning from a serverless Lambda, using a VPC that is connected to the internet via a NAT Gateway for maximum security. Queries can only be initiated from within the Lambda's internal network; no outside connections can come in during this process. The outcome of the delivery is communicated back to Aegon via a webhook that uses Simple Email Service (SES) events, transported via Kinesis and processed by AWS OpenSearch.
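As an added illustration of the recipient-server check described above (example code written for this article, not SecuMailer's SmartTLS engine; the accepted TLS versions and weak-cipher markers are an assumed policy):

```python
"""Probe a recipient mail server's STARTTLS and decide whether delivery is acceptable.
Policy values are assumptions for this example, not SecuMailer's SmartTLS rules."""
import smtplib
import ssl
from dataclasses import dataclass
from typing import List, Optional, Tuple

ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}                              # assumed policy
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "MD5", "EXPORT", "ANON")  # assumed policy

@dataclass
class TlsProbe:
    version: Optional[str]     # negotiated protocol; None when STARTTLS is not offered
    cipher: Optional[str]      # negotiated cipher suite name
    cert_error: Optional[str]  # OpenSSL verify message: self-signed, expired, unknown CA ...

def assess(probe: TlsProbe) -> Tuple[bool, List[str]]:
    """Return (deliverable, reasons); an empty reasons list means the server passed."""
    if probe.version is None:
        return False, ["no STARTTLS offered"]
    reasons = []
    if probe.version not in ACCEPTED_VERSIONS:
        reasons.append(f"TLS version {probe.version} not accepted")
    if not probe.cipher or any(m in probe.cipher.upper() for m in WEAK_CIPHER_MARKERS):
        reasons.append(f"weak or unknown cipher {probe.cipher}")
    if probe.cert_error:
        reasons.append(f"certificate problem: {probe.cert_error}")
    return not reasons, reasons

def probe_smtp(host: str, port: int = 25, timeout: float = 10.0) -> TlsProbe:
    """EHLO then STARTTLS with chain and hostname verification. On a verify failure,
    reconnect once without verification only to record what the server negotiates."""
    cert_error = None
    ctx = ssl.create_default_context()  # system CA store, hostname check enabled
    for _ in range(2):
        smtp = smtplib.SMTP(host, port, timeout=timeout)
        try:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return TlsProbe(None, None, None)
            smtp.starttls(context=ctx)
            return TlsProbe(smtp.sock.version(), smtp.sock.cipher()[0], cert_error)
        except ssl.SSLCertVerificationError as exc:
            cert_error = exc.verify_message
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
        finally:
            smtp.close()
    return TlsProbe(None, None, cert_error)
```

`assess(probe_smtp(host))` returns the verdict and the list of reasons for one recipient server; the second, unverified connection is made only to report the negotiated version and cipher alongside the certificate error, never to deliver.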

Shared responsibility model

As AWS puts it, security of the cloud is the responsibility of AWS and security in the cloud is the responsibility of the service provider, in this case SecuMailer. Within the technical architecture AWS provides a secure Lambda platform with excellent data security and data privacy capabilities. These are further enhanced by extensive monitoring and tracing capabilities such as GuardDuty for Lambda, AWS X-Ray and AWS CloudTrail. With these capabilities SecuMailer, and thereby the health organization, can be assured that there are no data integrity issues while processing the secure emails. This assurance can be reported on, so there is tangible evidence that the SaaS platform running on AWS maintains integrity throughout the data processing cycle.

Result

The end result is that the health organization was able to inform the data leak recipients efficiently and securely, using two-factor authentication for enhanced identification. During processing, all data assets were assured of high-integrity and high-confidentiality handling thanks to the additional monitoring and security baseline verifications. There were no data leaks and all recipients were correctly informed with a secure email delivered straight to their inbox, with no additional hassle.

Using AWS cloud technology, enhanced by the specialist knowledge of SecuMailer, the SaaS platform has recently achieved the highest level of trust by becoming a qualified EU Trust Service Provider for secure email (qREMSP – qualified Registered Electronic Mail Service Provider). Combining proven and innovative AWS services with SecuMailer's deep understanding of email security has created a secure and trustworthy solution for the health organization.

Implementation

Onboarding with SecuMailer is done by the following steps:

  • Buy your solution on AWS Marketplace
  • Follow your implementation instructions (30 minutes to 2 hours of work)
  • Get a personal workshop to integrate all privacy measures into your organization's policy as well
  • Start sending out all your emails securely and fully compliant with GDPR and eIDAS

Background information on SecuMailer:

SecuMailer is a private company. We provide our customers with a SaaS solution to send confidential information by secure email.

SecuMailer was started in 2017 by Yvonne Hoogendoorn CIPP/E and Meint Post CISSP / ISSAP.

SecuMailer is fully compliant with the GDPR, is certified for eIDAS, ISO 27001:2002 and NTA 7516, and holds the ECSO label (European Cyber Security Organization).

SecuMailer is available on the AWS Marketplace.

SecuMailer is one of the founders of the Dutch regulation NTA 7516 for secure email with personal medical information. This regulation combines elements of the GDPR, eIDAS and the Dutch medical laws.
