Concerns about a potential data breach were raised when a health care employee requested their personal log data in October. These log data reveal who has accessed an individual’s information in the client and patient information systems.
On 5 November 2024, we reported that a dental assistant had accessed the personal and health information of a colleague and other clients without authorisation. Following a thorough investigation, the full extent of the breach has now been confirmed. This dental assistant viewed the records of approximately 2,000 people without justification.
During the investigation, it was also discovered that four other dental care employees had similarly accessed client records without permission. Current information indicates that they accessed the records of approximately 1,000 individuals without valid reasons.
Although the investigation has not revealed any evidence that the accessed client data was misused (e.g., shared further), this incident is deeply regrettable from the clients' perspective.
In response, City of Helsinki’s dental care services have reviewed their guidelines for handling client information and enhanced internal monitoring immediately following the first incident. Additionally, data security training for staff has been increased.
Data breaches are thoroughly investigated
Once the breaches were identified, dental care services initiated an investigation without delay. These cases are being handled in accordance with the City of Helsinki’s data breach policy.
Supervisors have taken necessary employment-related actions regarding the employees responsible for the breaches. These individuals are no longer employed by the City of Helsinki.
The City of Helsinki has reported the breaches to the Office of the Data Protection Ombudsman and the National Supervisory Authority for Welfare and Health (Valvira). Investigation requests have been submitted to the police for the first two breaches, and similar requests will be made for the remaining cases once the dental care services’ investigations are complete.
The parties concerned will be notified
Since November, City of Helsinki’s dental care services have sent notifications of the data breach to the affected individuals. These notifications include guidance on how to obtain further information and support.
