Italian Psychologists Fined for Leaking Sensitive Data in Ransomware Attack
By Netvora Tech News
The Italian data protection authority, GPDP, has fined the Order of Psychologists of Lombardy €30,000 for leaking sensitive data during a ransomware attack last year. The attack compromised the personal data of over 3,000 individuals, including minors and psychologists who were the subject of disciplinary proceedings.

The attackers used stolen login credentials or a brute-force attack to gain access to a server that was accessible via Remote Desktop Protocol (RDP). The Order of Psychologists did not have multi-factor authentication (MFA) in place and failed to monitor suspicious activity. The leaked data included sensitive information such as patients' health records, as well as details about psychologists' personal lives, including their religious beliefs, union membership, and sexual orientation. The consequences were particularly severe because the Order of Psychologists refused to pay the ransom, after which the attackers released all of the stolen data online.

The GPDP concluded that the Order's failure to implement adequate technical and organizational measures to protect personal data violated the General Data Protection Regulation (GDPR). Despite the severity of the breach, the GPDP ultimately decided on a fine of €30,000, citing the organization's efforts to implement measures to prevent similar attacks in the future.
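The two weaknesses the report names are an RDP-exposed server without MFA and the absence of monitoring for suspicious activity. The first is a configuration decision; the second is a detection gap that a simple rule closes. The following is an added example, not code from the article or from the Order of Psychologists: it runs a sliding-window failed-logon rule over constructed records in a simplified CSV shape (timestamp, Windows Security event ID, logon type, source IP, account), flags a source that exceeds a threshold of failed RDP logons within the window, and marks the case the report describes, a successful logon from a source that is still inside a burst of failures. The record format, the sample values, the threshold and the window are assumptions; the event IDs 4625/4624 and logon type 10 are the standard Windows values for failed logon, successful logon and RemoteInteractive (RDP) logon.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real data) in a simplified CSV shape that a SIEM
# might export from the Windows Security log:
#   timestamp, event_id, logon_type, source_ip, account
# event_id 4625 = failed logon, 4624 = successful logon; logon_type 10 = RDP.
SAMPLE_EVENTS = """\
2024-05-01T02:00:01Z,4625,10,203.0.113.7,admin
2024-05-01T02:00:05Z,4625,10,203.0.113.7,administrator
2024-05-01T02:00:09Z,4625,10,203.0.113.7,root
2024-05-01T02:00:14Z,4625,10,203.0.113.7,backup
2024-05-01T02:00:20Z,4625,10,203.0.113.7,segreteria
2024-05-01T02:00:27Z,4625,10,203.0.113.7,backup
2024-05-01T02:01:30Z,4624,10,203.0.113.7,backup
2024-05-01T08:15:00Z,4625,10,198.51.100.22,m.rossi
2024-05-01T08:15:40Z,4624,10,198.51.100.22,m.rossi
2024-05-01T09:00:00Z,4625,2,192.0.2.5,admin
2024-05-01T09:00:01Z,4625,2,192.0.2.5,admin
2024-05-01T09:00:02Z,4625,2,192.0.2.5,admin
2024-05-01T09:00:03Z,4625,2,192.0.2.5,admin
2024-05-01T09:00:04Z,4625,2,192.0.2.5,admin
"""

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPE = 10  # RemoteInteractive


def parse_events(text):
    """Parse the CSV-shaped records into dicts, ordered by timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "ip": ip,
            "account": account,
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding window.

    Returns {ip: {"failures": total_failed, "accounts": set_of_tried_accounts,
                  "success_after_burst": bool, "success_account": str|None}}.
    A successful RDP logon from an IP that is still inside a flagged burst is the
    signal worth paging on: a guessed password or a stolen credential in use.
    """
    recent = defaultdict(deque)      # ip -> failed logons inside the window
    total_failures = defaultdict(int)
    flagged = {}

    for e in events:
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue  # console/network logons are out of scope for this rule
        q = recent[e["ip"]]
        # Drop failures that fell out of the window relative to this event.
        while q and e["ts"] - q[0]["ts"] > window:
            q.popleft()

        if e["event_id"] == FAILED_LOGON:
            q.append(e)
            total_failures[e["ip"]] += 1
            if len(q) >= threshold:
                entry = flagged.setdefault(e["ip"], {
                    "failures": 0, "accounts": set(),
                    "success_after_burst": False, "success_account": None,
                })
                entry["failures"] = total_failures[e["ip"]]
                entry["accounts"].update(x["account"] for x in q)
        elif e["event_id"] == SUCCESS_LOGON:
            entry = flagged.get(e["ip"])
            if entry is not None and len(q) >= threshold:
                entry["success_after_burst"] = True
                entry["success_account"] = e["account"]
    return flagged


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(ip, info)
```

On the sample, the single source that tries five accounts in under a minute is flagged and its later successful logon is marked, while the user who mistypes once and the console failures (logon type 2) are ignored. The threshold and window are the tuning knobs; a rule like this is a stopgap for an RDP endpoint that should not be reachable from the internet without MFA or a VPN in front of it, not a substitute for that change.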
Details of the Breach
The attackers stole approximately 5GB of data, which included:
- Personal data of over 3,000 individuals, including minors and psychologists
- Health records of patients
- Details about psychologists' personal lives, including religious beliefs, union membership, and sexual orientation
- Information about psychologists who were the subject of disciplinary proceedings