The employee responsible for the data breach did not access clients’ health information. Instead, they accessed the view known as the Identity report, which is the basic information view that is first visible to the user in the Apotti system following a client search. The employee has seen the names, personal identity codes, addresses, email addresses and phone numbers of 170 Helsinki residents.
Affected parties have been notified about the data breach
An investigation into the incident was launched as soon as the data breach was discovered. The matter has been handled in accordance with the data breach process of the City of Helsinki. The nurse is no longer employed by the City of Helsinki.
The City of Helsinki has reported the data breach to the Office of the Data Protection Ombudsman. The City has also notified the clients affected of the data breach. The notification also includes details on where they can get further information.
