Centric Health Ltd. – €460,000 Fine (Ireland, 2023)

€460,000Data Protection Commission23 January 2023Ireland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Centric Health Ltd. was fined EUR 460,000 after a ransomware attack exposed and destroyed personal data of about 70,000 people. The Irish Data Protection Commission found that the company didn't have enough security measures in place to protect this data. This case highlights the importance of strong data protection practices for healthcare providers.

What happened

Centric Health Ltd. suffered a ransomware attack that accessed, altered, and destroyed personal data without authorization.

Who was affected

Approximately 70,000 people whose personal data, including names and contact details, were compromised in the attack.

What the authority found

The Data Protection Commission found that Centric Health Ltd. failed to implement adequate security measures, violating GDPR's requirements for data protection.

Why this matters

This ruling underscores the critical need for healthcare companies to invest in robust cybersecurity measures. It serves as a warning that inadequate data protection can lead to significant fines and reputational damage.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 32(1) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 32(1) GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Section 111 Data Protection Act 2018
Section 110 Data Protection Act 2018
Source verified 6 March 2026
national law identified
Ireland enforcementData Protection Commission actionsAll Centric Health Ltd. actions
Full Legal Summary
Detailed

The Irish DPA has imposed a fine of EUR 460,000 on Centric Health Ltd.. The controller suffered a ransomware attack in which personal data such as name, date of birth and contact details were accessed, altered and destroyed without authorization. Data records of approximately 70,000 people were affected, of which 2,500 were permanently affected. The DPA's investigation found that the healthcare facility had failed to implement adequate technical and organizational measures to protect personal data, which facilitated such an attack.

Related Enforcement Actions (0)

No other enforcement actions found for Centric Health Ltd. in IE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

23 January 2023

Authority

Data Protection Commission

Fine Amount

€460,000

Enforcement Tracker ID

ETid-1666

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Centric Health Ltd. - Ireland (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: