Norwegian DPA imposes administrative fine to Østfold HF Hospital

From EDPB on November 25:

The Norwegian Data Protection Authority has decided on an administrative fee of NOK 750,000 to Østfold HF Hospital. The background is that in the period 2013-2019, the hospital stored report extracts from patient records outside the safe zone. The case started with a notice of personal data breach from the hospital.

The folders where the extracts were stored were not access controlled, and the activity in the folders was not logged.

h/t, Joe Cadillic

Another plastic surgery practice fell prey to a cyberattack that acquired patient photos and info
How a hacking gang held Italy’s political elites to ransom
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Iran's Critical Infrastructure
On Reports of an Alleged Data Breach Involving G-Xchange, Inc. (GCash)
Two U.K. teenagers appear in court over Transport of London cyber attack
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.

Related: