Casa di cura Fondazione Gaetano e Piera Borghi s.r.l. – €30,000 Fine (Italy, 2021)

€30,000 | Garante per la protezione dei dati personali | 2 December 2021 | Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Casa di cura Fondazione Gaetano e Piera Borghi s.r.l. was fined EUR 30,000 after a hacker accessed and published patient data, including radiological images, on Twitter. The nursing home failed to use strong security measures to protect sensitive information.

What happened

Weak password protection allowed a hacker to access and publish patient data from Casa di cura Fondazione Gaetano e Piera Borghi s.r.l.

Who was affected

Patients whose radiological images and personal data were exposed online by a hacker.

What the authority found

The Italian DPA determined that the nursing home did not implement adequate security measures to protect patient data, violating GDPR.

Why this matters

This case highlights the critical need for healthcare facilities to implement robust cybersecurity measures. It serves as a warning that simple passwords are insufficient to protect sensitive data from cyber threats.

GDPR Articles Cited

Art. 32 GDPR
Art. 5(1)(f) GDPR
Full Legal Summary

The Italian DPA (Garante) has fined Casa di cura Fondazione Gaetano e Piera Borghi s.r.l. EUR 30,000. The nursing home notified the DPA of a data breach pursuant to Art. 33 GDPR. The facility had suffered a cyber attack by a hacker who gained access to personal data and published it. This included publishing radiological images of patients on his Twitter account. The DPA's investigation revealed that the home had only secured the data with simple passwords. For this reason, the DPA found that the home had failed to implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.

Related Enforcement Actions (0)

No other enforcement actions found for Casa di cura Fondazione Gaetano e Piera Borghi s.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

2 December 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€30,000

Enforcement Tracker ID

ETid-992

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Casa di cura Fondazione Gaetano e Piera Borghi s.r.l. - Italy (2021). Retrieved from cookiefines.eu
