Midlands Regional Hospital Tullamore, County Offaly
300,000 €
GDPR enforcement action by Data Protection Authority of Ireland on 2026-06-11.
Rank · Sector
#25
of 272 in Health Care
Rank · Ireland
#18
of 37
Rank · All fines
#310
of 3,059
Case details
- Authority
- Data Protection Authority of Ireland
- Date
- 2026-06-11
- Controller / Processor
- Midlands Regional Hospital Tullamore, County Offaly
- Sector
- Health Care
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 28 GDPR, Art. 30 GDPR, Art. 32 (1) GDPR, Art. 34 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Irish DPA has imposed a fine of EUR 300,000 on the Midlands Regional Hospital Tullamore, County Offaly. The controller suffered a ransomware attack on its laboratory information system, affecting the personal data of approximately 84,000 individuals. The controller failed to implement adequate technical and organisational measures to ensure data security.
Open original source
Links to the regulator's original publication or another source.
Related fines
Ireland
2023-05-12
1,200,000,000 €
ETid-1844
Meta Platforms Ireland Limited
Media, Telecoms and Broadcasting
Ireland
2025-05-02
530,000,000 €
ETid-2584
TikTok Technology Limited
Media, Telecoms and Broadcasting
Ireland
2022-09-05
405,000,000 €
ETid-1373
Meta Platforms, Inc.
Media, Telecoms and Broadcasting
Ireland
2023-01-04
390,000,000 €
ETid-1543
Meta Platforms Ireland Limited
Media, Telecoms and Broadcasting
Ireland
2023-09-01
345,000,000 €
ETid-2032
TikTok Limited
Media, Telecoms and Broadcasting
Ireland
2024-10-24
310,000,000 €
ETid-2469
LinkedIn
Media, Telecoms and Broadcasting