L. Zamenhof University Children's Clinical Hospital in Białystok
€15,600
Insufficient technical and organisational measures to ensure information security
Decision Date
June 30, 2025
Authority
Polish National Personal Data Protection Office (UODO)
PL
Sector
Health Care
Country
PL
Law
GDPRStatus
FINALDescription
The Polish DPA has imposed a fine of EUR 15,600 on the L. Zamenhof University Children's Clinical Hospital in Białystok. The controller did not implement sufficient technical and organisational measures to ensure information security, resulting in a ramsomeware attack on its IT systems.
Legal Citations
Art. 5 (2)Art. 32
Issues & Violations
Insufficient technical and organisational measures to ensure information security