Ireland
Centric Health Ltd.
460,000 €
GDPR enforcement action by Data Protection Authority of Ireland on 2023-01-23.
Rank · Sector
#16
of 270 in Health Care
Rank · Ireland
#16
of 36
Rank · All fines
#255
of 3,050
Case details
- Authority
- Data Protection Authority of Ireland
- Date
- 2023-01-23
- Controller / Processor
- Centric Health Ltd.
- Sector
- Health Care
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR
- Type of violation
- Non-compliance with general data processing principles
Summary
The Irish DPA has imposed a fine of EUR 460,000 on Centric Health Ltd.. The controller suffered a ransomware attack in which personal data such as name, date of birth and contact details were accessed, altered and destroyed without authorization. Data records of approximately 70,000 people were affected, of which 2,500 were permanently affected.
The DPA's investigation found that the healthcare facility had failed to implement adequate technical and organizational measures to protect personal data, which facilitated such an attack.
Open original source
Links to the regulator's original publication or another source.
Related fines
Ireland
2023-05-12
1,200,000,000 €
ETid-1844
Meta Platforms Ireland Limited
Media, Telecoms and Broadcasting
Ireland
2025-05-02
530,000,000 €
ETid-2584
TikTok Technology Limited
Media, Telecoms and Broadcasting
Ireland
2022-09-05
405,000,000 €
ETid-1373
Meta Platforms, Inc.
Media, Telecoms and Broadcasting
Ireland
2023-01-04
390,000,000 €
ETid-1543
Meta Platforms Ireland Limited
Media, Telecoms and Broadcasting
Ireland
2023-09-01
345,000,000 €
ETid-2032
TikTok Limited
Media, Telecoms and Broadcasting
Ireland
2024-10-24
310,000,000 €
ETid-2469
LinkedIn
Media, Telecoms and Broadcasting