ResourcesApril 21, 2022CNIL fines a company for serious violation of cybersecurity measures for health data

The French DPA (CNIL) fined the DEDALUS BIOLOGY company with a fine of €1.5m for security flaws that led to the leak of medical data of nearly half a million patients. Since the 24th of February 2021, the CNIL carried out several checks in the medical sector, including against the company DEDALUS BIOLOGY which markets software solutions for medical analysis laboratories. Based on the findings made during the inspections, the CNIL considered that the company had breached several obligations provided for by the GDPR, in particular the obligation to ensure the security personal data. The Restricted Committee of CNIL, which is responsible for the imposition of fines, sanctioned the company in view of the seriousness of the breaches identified but also taking into account the turnover of the company DEDALUS BIOLOGY. The CNIL had also asked and obtained that a French court would block the website where the data were leaked. Find out more here.