The President of the UODO has fined the Independent Public Health Care Center in Pajęczno 40 thousand zlotys. As a result of the hacking attack, the facility lost access to patient and employee data. It took corrective action only after the fact. Before that, it had not conducted a risk analysis for personal data. Thus, it could not effectively protect personal data.
The hacking attack occurred in February 2022. The malicious ransomware encrypted the personal data of 30,000 patients and more than a thousand employees. ZOZ notified the Office of Data Protection and the police. However, it concluded that the attack was not serious, because the data did not leak - it only became inaccessible (an external expert indicated that the data could not be decrypted - the attackers made decrypting the data conditional on paying a ransom in cryptocurrency).
However, the President of the DPA determined in the proceedings that the matter was significant. The ORO did not respond ...
Content locked
To gain access to the complete English section of the Medexpress.pl, kindly reach out to us at [email protected].
If you already have an account, please log in
