The services responsible for security and internal control at the National Health Fund have detected a case of unauthorized use of the Central Insured List by a group of Fund employees.
Illegal access to data at the National Health Service. Will employees lose their jobs?
Published Oct. 20, 2025 08:27
Security and internal control specialists at the National Health Fund Headquarters have uncovered an incident in which some employees with access to the Central List of Insured (CWU) used this access in an unauthorized manner.
The CWU is a system that collects data on insured persons - such as name, surname, PESEL number, date of birth, home address or place of work. As the NFZ stresses, this database does not contain medical data, which means that people using the system have no insight into their treatment history or health information.
All persons whose data may have been affected by the incident will be notified in accordance with applicable data protection regulations. The President of the Office of Personal Data Protection (OPAP) has already been informed of the case.
After the breach was discovered, NFZ management took immediate action. Employees who violated internal security procedures had their access to the CWU system revoked and were subject to official proceedings that could result in termination of their employment.
The NFZ assures that internal security systems worked properly, allowing the incident to be detected quickly. To further reduce the risk of similar situations in the future, new protective mechanisms will be put in place.
Among them will be:
- internal alerts to supervisors if an employee checks the data of another NFZ employee,
- Additional training in the safe use of CWU,
- Strengthening the process of granting access to the system.
Source: NFZ
