The Helsinki and Uusimaa Hospital District (HUS) has been hit by a significant data breach involving patients’ information, stemming from the actions of a former employee who breached the privacy of nearly 1,000 patients.
An internal investigation by HUS revealed three instances of data breaches, with the former practical nurse accessing patient records through the Apotti system. HUS’s Administrative Chief Medical Officer Teppo Heikkilä confirmed the breach, noting that with around 900 affected patients it was an unusually extensive incident. Although the breach occurred in 2021, affected patients were only notified of the violation of their privacy this summer.
In response to the breach, HUS issued a statement regarding two additional, smaller breaches involving unauthorized access to the medical records of several dozen or hundreds of patients. Heikkilä gave assurances that patients are informed promptly when such breaches are discovered through the hospital’s internal data protection monitoring.
Expressing regret over the hacking incidents, Heikkilä stressed that security breaches at HUS are rare, averaging only a few cases a year. He conveyed the organization’s commitment to preventing such occurrences in the future and improving data protection measures.
The breach is part of an evolving landscape of cyber threats against healthcare institutions. In April, the National Bureau of Investigation (NBI) launched an investigation, which is ongoing, into data breaches within the population information system and the HUS patient information system, further highlighting the vulnerability of medical data.
Heikkilä reminded patients of their right to file police reports for investigations and emphasized HUS’s dedication to safeguarding patient data and preventing future breaches.