Healthcare facility – €9,200 Fine (Poland, 2024)

€9,200Urząd Ochrony Danych Osobowych13 June 2024Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A healthcare facility in Poland was fined EUR 9,200 after a ransomware attack led to the loss of personal data. The investigation revealed that the facility did not take proper steps to protect this data and failed to inform affected individuals about the breach. This case highlights the importance of having strong security measures in place to protect personal information.

What happened

The Polish DPA fined a healthcare facility EUR 9,200 for failing to protect personal data during a ransomware attack.

Who was affected

Patients whose personal data was compromised during the ransomware attack were affected.

What the authority found

The DPA found that the healthcare facility did not implement adequate security measures to prevent data loss, violating GDPR requirements.

Why this matters

This ruling emphasizes that companies must prioritize data security to avoid breaches and potential fines. It serves as a warning for all businesses to strengthen their data protection practices.

GDPR Articles Cited

AI-verified

Art. 24(1) GDPR
Art. 25(1) GDPR
Art. 32(1) GDPR
Art. 34(1) GDPR
View original scraped data
Art. 24(1) GDPR
Art. 25(1) GDPR
Art. 32(1) GDPR
(2) GDPR
Art. 34(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 14 March 2026
articles corrected
national law identified
amount discrepancy
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Healthcare facility actions
Full Legal Summary
Detailed

The Polish DPA has imposed a fine of EUR 9,200 on a healthcare facility. The company suffered a ransomware attack on its systems, resulting in the loss of personal data. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data in order to prevent such incidents. Furthermore, the controller failed to notify the data subjects about the incident.

Related Enforcement Actions (0)

No other enforcement actions found for Healthcare facility in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

13 June 2024

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€9,200

Enforcement Tracker ID

ETid-2468

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Healthcare facility - Poland (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: