Medical Specialist Group (MSG) in Guernsey faces a £100,000 fine after hackers stole thousands of patient emails containing confidential health data. The breach started in August 2021 but went undetected for over three months. Criminals later used the stolen information in phishing campaigns targeting patients.
The Office of the Data Protection Authority found MSG failed to install critical security updates and missed opportunities to detect the attack. Commissioner Brent Homan said medical information requires the highest protection levels, which MSG failed to provide.
MSG must pay £75,000 within 60 days, with another £25,000 due in 14 months unless they complete an approved action plan.
Source: BBC News