Private healthcare provider – €387 Fine (Czech Republic, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Czech healthcare provider was fined for not securing its websites properly after a security breach. The breach exposed patient test results, and the company failed to improve security on its other sites. This case highlights the importance of maintaining robust security measures to protect sensitive health information.
What happened
The healthcare provider's website was attacked, exposing patient test results, and the provider then failed to secure its other, similar websites.
Who was affected
Patients and physicians accessing test results on the healthcare provider's websites were affected.
What the authority found
The Czech authority fined the healthcare provider for not implementing adequate security measures as required by GDPR.
Why this matters
This case underscores the need for healthcare providers to prioritize cybersecurity, especially when handling sensitive patient data. It serves as a reminder that failing to secure websites can lead to regulatory fines and loss of trust.
GDPR Articles Cited
The Czech DPA (UOOU) conducted an investigation against the operator of a non-governmental medical facility following a security breach. The operator offers a range of diagnostic tests to patients. The test results are subsequently communicated on its website to both the patients and the physicians who recommended the tests. The reported security breach involved an attack on the operator's website by an unknown individual. Following this incident, the operator stopped operating the website in question and proposed technical measures to increase security. However, the DPA found that other websites run by the same operator had the same shortcomings, and the operator had neither restricted their operation nor taken any new technical measures. As a consequence, the UOOU imposed a fine of EUR 387.
Details
Fine Date
1 January 2020
Authority
Úřad pro ochranu osobních údajů
Fine Amount
€387
Enforcement Tracker ID
ETid-639
About this data
Cite as: Cookie Fines. Private healthcare provider - Czech Republic (2020). Retrieved from cookiefines.eu