Asl Napoli 3 Sud – €30,000 Fine (Italy, 2023)

€30,000Garante per la protezione dei dati personali28 September 2023Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Asl Napoli 3 Sud was fined €30,000 after a ransomware attack exposed the personal data of 842,000 patients and employees. The healthcare facility failed to implement proper security measures, which allowed the attack to happen. This case underscores the need for strong data protection practices in healthcare.

What happened

Asl Napoli 3 Sud was fined for failing to secure its database against a ransomware attack.

Who was affected

842,000 patients and employees whose health data was compromised during the attack.

What the authority found

The Italian authority found that the facility did not take adequate steps to protect personal data, violating GDPR requirements.

Why this matters

This ruling highlights the critical importance of cybersecurity in healthcare. Organizations must invest in robust security measures to safeguard sensitive personal information.

GDPR Articles Cited

Art. 25 GDPR
Art. 32 GDPR
Art. 5(1)(f) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Asl Napoli 3 Sud actions
Full Legal Summary
Detailed

The Italian DPA has fined Asl Napoli 3 Sud EUR 30,000. The healthcare facility had suffered a ransomware attack that used a virus to restrict access to the healthcare facility's database and demanded a ransom to restore the functionality of its systems. During its investigation, the Garante DPA found that the controller had failed to install adequate technical and organizational measures to protect personal data. The incident affected data (including health data) of 842,000 patients and employees.

Related Enforcement Actions (0)

No other enforcement actions found for Asl Napoli 3 Sud in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

28 September 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€30,000

Enforcement Tracker ID

ETid-2080

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Asl Napoli 3 Sud - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: