Fine against hospital
A hospital in Portugal was fined for failing to comply with the GDPR. The Portuguese data protection authority noted that access to medical data was not limited to doctors and other medical personnel: users with the “technician” profile could also view patient medical records indefinitely. Furthermore, approximately 900 active user accounts with the “doctor” profile were found, although the hospital employs only about 300 doctors.
Type of Issue:
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
32. Security of processing
heise.de News (German)