Centro di Medicina preventiva s.r.l. – €10,000 Fine (Italy, 2021)

€10,000 · Garante per la protezione dei dati personali · 16 December 2021 · Italy · final · Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Centro di Medicina preventiva s.r.l. was fined EUR 10,000 by the Italian privacy authority after a hacker published patient data online. The medical center failed to secure its systems, allowing unauthorized access to sensitive information.

What happened

A hacker accessed and published patient data from Centro di Medicina preventiva s.r.l. due to inadequate security measures.

Who was affected

Patients whose personal and sensitive data, including radio-diagnostic tests, were exposed during the cyberattack.

What the authority found

The Italian DPA found that the medical center did not implement proper security measures to protect patient data, violating GDPR requirements.

Why this matters

This case serves as a warning to healthcare providers about the critical need for robust data security measures. It emphasizes the importance of safeguarding sensitive information against cyber threats, aligning with GDPR's focus on data protection.

GDPR Articles Cited

Art. 5 GDPR
Art. 25 GDPR
Art. 32 GDPR
Art. 37 GDPR

Full Legal Summary

The Italian DPA (Garante) has fined Centro di Medicina preventiva s.r.l. EUR 10,000. The controller reported a data breach under Art. 33 GDPR in connection with a cyberattack by a hacker group. During the cyberattack, the hacker gained access to a list of patient data. The hacker then published this list, which contained personal data of patients, including sensitive data, and radio-diagnostic tests, on Twitter. The DPA found that the controller had not implemented appropriate technical and organizational measures to ensure the security of the personal data. For example, the medical center's server disclosed the requested personal data in response to a query without verifying the identity and credentials of the requester, so unauthenticated connections from outside the medical center could reach it.

Related Enforcement Actions (0)

No other enforcement actions found for Centro di Medicina preventiva s.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date: 16 December 2021
Authority: Garante per la protezione dei dati personali
Fine Amount: €10,000
Enforcement Tracker ID: ETid-1015

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Centro di Medicina preventiva s.r.l. - Italy (2021). Retrieved from cookiefines.eu
