THE Guernsey Data Protection Authority (ODPA) has sanctioned First Contact Health after it failed to implement sufficient security measures to prevent a phishing attack, according to ITV. The breach saw fraudsters successfully target an employee’s email account, gaining access to confidential health data at the practice. First Contact Health became aware of the data breach and reported it to the ODPA in May 2024, but the unauthorised access is believed to have occurred at least five months earlier. Following an investigation, the ODPA found that the practice had failed in four key areas.
Guernsey medical practice sanctioned after cyber criminals access patient data through email account
Article by CyberSIXT