Helsinki and Uusimaa Hospital District reports data breach by former employee
Take action: Never ever leave the credentials of departed employees active in the system. You never know how they can be misused.
Learn More
The Helsinki and Uusimaa Hospital District (HUS) report a breach of privacy affecting almost 1,000 patients. The breach has been traced back to a former employee who previously served as a practical nurse within the district. The nurse managed to gain unauthorized access to patient records through the Apotti patient record system.
Approximately 900 patients are affected by this breach. The nurse was no longer employed by HUS when accessing the data. The reasons behind the termination of employment and any relation to the suspected hacking were not confirmed.
The data breach took place in 2021, it wasn't until this summer that the impacted patients were formally notified about the breach that compromised their privacy.
No details are provided as to the nature of the unauthorized access, what data was exposed nor why the notification was delayed for two years. It's quite clear that access controls within the Apotti patient record system is not at a very high level, either through shared credentials that the nurse and many others knew or through incomplete offboarding so the nurse still had credentials for the system.
HUS has declared their commitment to promptly notifying affected patients upon discovering breaches.
