Östergötland Region

€243,800

Insufficient technical and organisational measures to ensure information security

Tanggal Keputusan

3 Desember 2020

Wewenang

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)

SE

Sektor

Health Care

Negara

SE

Hukum

GDPR

Status

FINAL

Deskripsi

The Swedish DPA (Integritetsskyddsmyndigheten) fined Östergötland Region SEK 2,500,000 (EUR 243,800) for failing to implement adequate technical and organizational measures to ensure information security. It was found that there was no risk analysis regarding the access to patient data. Authorizations for users of the hospital information system Cosmic were not assigned according to the principle of minimum access. This gave users full access to confidential patient data that they did not need for work purposes.

Kutipan Hukum

Art. 5 (1)Art. 5 (2)Art. 32 (1)Art. 32 (2)

Masalah & Pelanggaran

Insufficient technical and organisational measures to ensure information security
Lihat Dokumen Resmi
Kembali ke Basis Data Denda
Sebelumnya Denda
Spanish Data Protection Authority (aepd) - Dr Marí...
Berikutnya Baik
Data Protection Authority of Hamburg (HmbBfDI) - C...

Tetap Terupdate tentang Penegakan Privasi

Kami menghormati privasi Anda. Satu email per bulan, tidak ada spam, berhenti berlangganan kapan saja.