Ireland Ireland

Midlands Regional Hospital Tullamore, County Offaly

300,000 €

GDPR enforcement action by Data Protection Authority of Ireland on 2026-06-11.

Rank · Sector
#25
of 272 in Health Care
Rank · Ireland
#18
of 37
Rank · All fines
#310
of 3,059

Case details

Authority
Data Protection Authority of Ireland
Date
2026-06-11
Controller / Processor
Midlands Regional Hospital Tullamore, County Offaly
Sector
Health Care
Quoted Articles
Art. 5 (1) f) GDPR, Art. 28 GDPR, Art. 30 GDPR, Art. 32 (1) GDPR, Art. 34 GDPR
Type of violation
Insufficient technical and organisational measures to ensure information security

Summary

The Irish DPA has imposed a fine of EUR 300,000 on the Midlands Regional Hospital Tullamore, County Offaly. The controller suffered a ransomware attack on its laboratory information system, affecting the personal data of approximately 84,000 individuals. The controller failed to implement adequate technical and organisational measures to ensure data security.

Open original source Links to the regulator's original publication or another source.

Related fines