Skip to content
Enforcement
EN

Istituti ospedalieri bergamaschi: Insufficient technical and organisational measures to ensure information security

€45,000 fine - Italian Data Protection Authority (Garante)

€45,000 Fine
Istituti ospedalieri bergamaschi
ITALY
Insufficient technical and organisational measures to ensure information security

Content

The Italian DPA (Garante) has imposed a fine of EUR 45,000 on Istituti ospedalieri bergamaschi. The DPA initiated an investigation against the controller after it reported a data breach to the DPA. A patient had mistakenly received medical records and clinical documentation from seven other patients in his digital medical record.

GDPR Articles: Art. 5 (1) a), f) GDPR, Art. 9 GDPR, Art. 32 GDPR
Industry: Health Care