Società Med Store Saronno s.r.l. – €7,000 Fine (Italy, 2021)

€7,000 | Garante per la protezione dei dati personali | 2 December 2021 | Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Società Med Store Saronno s.r.l. was fined EUR 7,000 after a hacker accessed and published patient data, including radiological images, on Twitter. The facility's use of simple passwords was insufficient to protect sensitive information.

What happened

A hacker accessed and published patient data from Società Med Store Saronno s.r.l. due to weak password protection.

Who was affected

Patients whose radiological images and personal data were exposed online by a hacker.

What the authority found

The Italian DPA found that Società Med Store Saronno s.r.l. failed to implement adequate security measures, violating GDPR.

Why this matters

This case emphasizes the importance of strong cybersecurity practices in protecting sensitive patient data. It serves as a reminder that healthcare providers must use robust security measures to prevent unauthorized access.

GDPR Articles Cited

Art. 32 GDPR
Art. 5(1)(f) GDPR

Full Legal Summary

The Italian DPA (Garante) has fined Società Med Store Saronno s.r.l. EUR 7,000. The nursing home notified the DPA of a data breach pursuant to Art. 33 GDPR. The facility had suffered a cyber attack by a hacker who gained access to personal data and published it. This included publishing radiological images of patients on his Twitter account. The DPA's investigation revealed that the home had only secured the data with simple passwords. For this reason, the DPA found that the home had failed to implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date: 2 December 2021
Authority: Garante per la protezione dei dati personali
Fine Amount: €7,000
Enforcement Tracker ID: ETid-991

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Società Med Store Saronno s.r.l. - Italy (2021). Retrieved from cookiefines.eu
