Under applicable Polish law, when medical data is leaked, which is sensitive data protected by law, patients have the right to complete information about the disclosure of their personal data, including details of the incident itself, its possible consequences and recommendations for minimising the risk arising from the leak.
A few days ago, the media reported a hacking attack on ALAB, one of the key players in the medical laboratory market in Poland. The RA planet hacker group admitted to carrying out this attack and not only announced its success, but also published fragments of the stolen data on its blog. More than 50,000 medical test results have been made available, raising serious concerns about patient privacy and data security.
In connection with the hacking and theft of medical data, ALAB, as the victim of this incident, has specific responsibilities. As a data controller, the company should carry out a full analysis within 72 hours of receiving information about the leak to determine whether there has been a personal data breach. Furthermore, it is essential to identify the risks for data subjects, i.e. patients, and to take appropriate measures to minimise those risks. In the current context, it seems clear that ALAB will be required to report the leak to the President of the Personal Data Protection Office (UODO) and to inform the persons whose data has been stolen of the incident.
The disclosure of medical data is simply a major threat...
The term "data leak" is used in everyday language, but under the GDPR it refers to a personal data breach. In the present case, the situation is more dangerous from the point of view of personal data protection, because not only PESEL numbers have been disclosed, but also health information, which is special category data. This creates a high risk of violations of the rights and freedoms of these individuals, since it could result in public access to health information such as the presence of venereal diseases, HIV infection and AIDS.
ALAB still has not commented on the data leak. Within what period should it inform customers?
ALAB is obliged to inform patients whose test results have been revealed without undue delay. Although there is no strict deadline analogous to the one for notifying the President of the Personal Data Protection Office (UODO), the company cannot put off this obligation.
What rights do customers have – patients whose data may have been stolen?
Customers have the right to complete information on the scope of the disclosed data, the possible consequences of this event and recommendations on minimising the risk arising from the disclosure. ALAB should inform affected persons directly, even if it may be hard to obtain contact details. In the absence of such details, it may be possible to provide a search tool for checking whether a particular person's data has been included in the leak. Due to the scale of the leak and the time span of the test results (from 2017 to 2023, according to available information), ALAB may encounter difficulties in informing all affected individuals. In addition, the company should issue a public statement about the steps it plans to take to address the situation.
Is it possible to get compensation?
A person whose personal data has been disclosed as a consequence of the attack has the right to claim compensation from ALAB, and this claim may be pursued through civil court proceedings. Determining the possible amount of compensation is hard because it depends on the specific circumstances of the case, including the impact that the disclosure of health information has had on that person's private or professional life.
Dear reader, we remind you that the legal matters we write about can be complicated and often require the help of a lawyer. It is worth discussing your case with a lawyer before taking legal action.