photo
30.11.2023

Cooperation for the security of patients’ data

The ransomware attack combined with the data leakage from ALAB has seriously alarmed the public, both due to the scale of the leakage and the potential scope of the data, which could include the health data of many patients. That is why the President of the Personal Data Protection Office and the Ombudsman for Patient’s Rights, as part of the agreement between the authorities, are taking joint action in connection with this event.

- Currently, the Personal Data Protection Office is analysing the data breach in ALAB notified on 21 November this year. At this stage, we are waiting for further findings from the data controller in order to have knowledge of the details of the breach and to reliably explain its causes and scale," said Jakub Groszkowski, Deputy President of the Personal Data Protection Office.

- Due to the high-profile data leakage, as part of the cooperation, both institutions will exchange findings on their activities and the results of their work. The aim of this cooperation is primarily the well-being of patients and the protection of their personal data," added Jakub Groszkowski.

- We are initiating proceedings in order to determine the details of the case in cooperation with the President of the Personal Data Protection Office and the entity. We treat the potential violation of patients' rights extremely seriously, bearing in mind not only the letter of the law, but also patients' trust in healthcare entities and the health care system," added Bartłomiej Chmielowiec, the Ombudsman for Patients’ Rights.

Joint actions are also intended to help efficiently determine the causes and consequences of a personal data breach.

The information obtained by both the President of the Personal Data Protection Office and the Ombudsman for Patients' Rights is intended to help both authorities in the performance of their statutory tasks. In addition, the combined efforts of these institutions can also be used to develop recommendations in the future to mitigate the risks associated with such serious data breaches.

At the same time, the supervisory authority recommends that patients, before taking any action in connection with a data breach, use the tool provided by the Minister of Digital Affairs and verify whether their data is covered by the leakage from ALAB at www.bezpiecznedane.gov.pl