"Guernsey's Data Protection Authority (ODPA) has sanctioned First Contact Health after it failed to implement sufficient security measures to prevent a phishing attack. The cybersecurity breach saw fraudsters successfully target an employee's email account, gaining access to confidential health data at the medical practice. First Contact Health became aware and reported the data breach to the ODPA in May 2024, but the unauthorised access is believed to have happened at least five months earlier."
"The cybersecurity breach saw fraudsters successfully target an employee's email account, gaining access to confidential health data at the medical practice. First Contact Health became aware and reported the data breach to the ODPA in May 2024, but the unauthorised access is believed to have happened at least five months earlier. Following an investigation, it was found to have failed in four key areas."
Guernsey's Data Protection Authority (ODPA) sanctioned First Contact Health for failing to implement sufficient security measures that allowed a phishing attack. Fraudsters targeted an employee's email account and gained access to confidential health data held by the medical practice. First Contact Health reported the breach to the ODPA in May 2024, while the unauthorised access is believed to have occurred at least five months earlier. An ODPA investigation identified failures in four key areas of the practice's security and incident management. The sanction represents regulatory action related to inadequate protections of sensitive patient information.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]