A Helsinki hospital has written to almost 200 patients to warn them that their medical records may have been stolen, more than a year after staff and the police first became aware of the data breach.
A temporary secretary, who worked at the Haartman facility for just four months last spring, is suspected of data protection crimes after gaining unauthorised access to the electronic records of 188 patients.
The secretary was sacked as soon as the violation was discovered, but the victims are only just being informed of it now. The Data Protection Ombudsman said such offences are becoming increasingly common in Finland.
Speaking to YLE, Seppo Saarela from Helsinki described the letter he received from the Haartman accident and emergency hospital last week. ”A secretary working at the city hospital had opened my case history file and could have seen my patient record,” he said. ”The department’s secretary did not have the right to open the case history file. It feels like that any summer intern can get into Haartman hospital’s database. Unbelievable!”
Jukka Toivonen, the hospital’s chief physician, said, “Helsinki health services decided to notify all those whose names we know. Altogether, 188 of these letters have been sent. We have no information about the motive. It could have been just curiosity. Police are investigating this too.”