Enable preference cookies to be able to use automatic translations
A person, who worked for the wellbeing services county of Vantaa and Kerava have viewed personal data for several persons in the patient data system who were unrelated to his/hers work.
The employee has without reason viewed personal data for persons, who didn´t relate to his/her work during December 2022- May 2023. Information has been sent by mail to persons, whose personal data has been viewed.
The employee has been able to view the name, personal identification number and address for persons in the system. The employee has not seen other information, such as health information. According to the data protection officer’s assessment the data breach cannot lead to identity theft or fraud, physical damages or reputational damage
Persons, whom the data breach concerns, can make an investigation request to the police.
The data breach was revealed to the wellbeing services county´s in connection with an in-house control in spring 2025. Viewing data did not relate to the employees work and was not appropriate. The person in question has not worked in the wellbeing services area since spring 2023.
Data protection officer of Vantaa and Kerava wellbeing services county has made a notification about the data breach to the control authority. Office of data protection dataombudsman is control authority in Finland.
The wellbeing services county of Vantaa and Kerava takes the data breach seriously. The wellbeing services county monitors the use of patient information regularly with control of log data and controls made with spot checks. Furthermore, must employees handling personal data undergo data security trainings yearly.