From EDPB on November 25:
The Norwegian Data Protection Authority has decided on an administrative fee of NOK 750,000 to Østfold HF Hospital. The background is that in the period 2013-2019, the hospital stored report extracts from patient records outside the safe zone. The case started with a notice of personal data breach from the hospital.
The folders where the extracts were stored were not access controlled, and the activity in the folders was not logged.
Read more on European Data Protection Board.
h/t, Joe Cadillic