I hate relying on Google Translate, but this article seems to detail a very serious web leak involving a hospital in the Netherlands, Groene Hart Ziekenhuis. It seems the hospital used an outside provider who didn’t adequately secure the data and an ethical hacker was able to access patient records via FTP. Patient records going back to May 2008 are involved, but it’s not clear whether the data were on that server since 2008:
The entire patient file with the information of more than 493,000 people appears several times on the computer stand. It contains besides patient number, name, address, date of birth, telephone number and Social Security number is also information about the partner. In another file which patient is in which department is known.
[…]
The computer does not appear in the hospital, but in a datacenter from a provider that is accessible from the Internet.This access is via FTP, a technology not intended for transporting sensitive data because the information unencrypted over the Internet goes.
Another problem is that it is sensitive data after transferring the server are met. However, it appears that the medical records since May 2008 on the server were. The password of the administrator, ‘groen2000’, is very predictable.
h/t @edojwz