The authority imposed a fine of 1.5 million euros, an amount “decided in view of the seriousness of the breaches”.
The amount of the fine is commensurate with the seriousness of the facts: the software publisher Dedalus was ordered to pay a fine of 1.5 million euros by the National Commission for IT and Freedoms (Cnil) for its responsibility in the leak of medical data of 500,000 French people. This company notably sells software to medical analysis laboratories.
In February 2021, an Internet user posted on a website a database containing, in addition to names and Social Security numbers, sensitive medical information (HIV, cancers, genetic diseases, pregnancies, drug treatments followed, genetic data, etc.).
After investigating, the personal data watchdog concluded that there had been serious security failings in breach of the General Data Protection Regulation (GDPR): lack of encryption of certain data, no authentication requirement, no automatic deletion of data after migration, etc. “This lack of satisfactory security measures is one of the causes of the data breach which compromised the medical and administrative data of nearly 500,000 people,” concludes the Cnil, which made this sanction public because of the importance of the case. Companies have an obligation of means to ensure maximum protection of the personal data for which they are responsible.
For its part, the Paris prosecutor’s office has opened an investigation to try to find the perpetrators of the hacking and posting. Highly valued in the market, health data can be used for identity theft, fake prescriptions or scams based on health problems.