NIK: Weak patient data security in Warmian-Masurian medical facilities
Published Aug. 9, 2024 07:59
Between 2020 and 2023, the majority of inspected facilities (six out of seven) were found to have numerous data protection irregularities. Non-compliance with internal regulations and laws meant that, among other things, non-medical staff and former employees had access to sensitive information.
The Minister of Health recognized three of the surveyed units as key service providers (OUKs). Two of the units implemented the recommended duties, but delays and other minor deficiencies were found. In Gizycko, the information security management system was not implemented on time, and updates to cybersecurity documentation were neglected.
Technical and procedural details
Five units had information security management systems (ISMS) in place, but in some cases they were implemented partially or late. Numerous errors in data access management were also identified: in Elblag, 435 employees had access to medical data without proper authorizations, and in Olsztyn, nurses had access to data from wards where they did not work.
Recommendations and next steps
As a result of the audit, the NIK issued 21 audit requests, seven of which had been implemented by May 2024. The remaining 14 requests are in the process of being implemented. NIK stresses the need to urgently implement appropriate procedures and security systems to prevent future breaches of patient data security.
Source: NIK











