Data leaks through AI: why healthcare must be extra vigilant

Aram Zegerius, Technical conscience

Last weekend, the Dutch financial newspaper Het Financieele Dagblad (FD) published an article about a trend that doesn't surprise us but does concern us: the number of data leaks caused by AI use in the workplace is growing. The Dutch Data Protection Authority received dozens of reports in 2024 and 2025, and the number keeps rising.
What went wrong in Eindhoven?
The FD describes an incident at the municipality of Eindhoven. In a sample period of just 30 days, it turned out that employees had shared CVs, youth care documents and internal reports with free AI chatbots such as ChatGPT and Claude.
The municipality does not know how large the leak actually is: the data was retained for only 30 days, so beyond that window the scope can no longer be determined.
Why this directly affects healthcare
The article explicitly mentions youth care documents. Those are by definition documents containing sensitive patient information, protected by medical confidentiality.
But the problem is broader. In daily practice, healthcare professionals copy and paste dozens of times a day. From EHR to letter, from lab result to consult, from note to search query. It's efficient and inevitable.
In that hectic flow it is easy to paste personal data into a question to an AI tool without noticing. With free tools like ChatGPT, that information disappears into a black box: you don't know where it goes, whether it is used for training, or whether it ever resurfaces in answers to other users.
Shadow AI: the invisible risk
The FD introduces the term "shadow AI": employees who, on their own initiative, use free AI tools, out of sight of the organisation. Even when an organisation offers paid, secure alternatives, people often reach for what they know.
The solution isn't to ban AI. That doesn't work, and isn't desirable either. The solution is to provide secure alternatives that make the right behaviour easy.
How Ask Aletta does this differently
We have taken this risk seriously from the start. That's why we built automatic PII detection into Ask Aletta.
Every question is checked automatically for personal data before it is processed. We do this with our own detection model, running entirely on our own infrastructure in the Netherlands: no external cloud providers, no third parties.
If something is detected, you are notified immediately. With one click you anonymise the sensitive data, and your search query can still be carried out safely.
In the rush of daily practice, a small mistake is quickly made. We help you prevent it.