Concerns about a potential data breach arose when a healthcare employee requested their personal log data in October. These log data reveal who has accessed the individual’s information in the client and patient information systems.
On 5 November 2024, we reported that a dental assistant had accessed the personal and health information of a colleague and other clients without authorisation. Following a thorough investigation, the full extent of the breach has now been established. This dental assistant viewed the records of approximately 2,000 people without justification.
During the investigation, it was also discovered that four other dental care employees had similarly accessed client records without permission. Current information indicates that they accessed the records of approximately 1,000 individuals without valid reasons.
The investigation has not revealed any evidence that the accessed client data was misused, such as being shared further. However, the incident is deeply regrettable from the clients’ perspective.
In response, the City of Helsinki’s dental care has reviewed its guidelines for handling client information and enhanced internal monitoring immediately after the first incident. Data security training for staff has also been increased.
Data breaches are thoroughly investigated
Once the breaches were identified, the dental care services initiated an investigation immediately. These cases are being handled in accordance with the City of Helsinki’s data breach policy.
Supervisors have initiated necessary employment-related measures with the employees responsible for the breaches. These individuals no longer work for the City of Helsinki.
The City of Helsinki has reported the breaches to the Office of the Data Protection Ombudsman and the National Supervisory Authority for Welfare and Health (Valvira). Investigation requests have been filed with the police for the first two breaches, and similar requests will be made for the remaining cases once the dental care services’ investigations are complete.
The parties concerned will be informed of the data breach
Since November, the City of Helsinki’s dental care has sent a notification of the data breach to the affected individuals. The notification includes advice about how to obtain further information and support.
