"A lab company providing services to some Planned Parenthood centers disclosed a data breach on Friday impacting about 1.6 million people.

Laboratory Services Cooperative (LSC) said it initially discovered the cyberattack on October 27 and began an investigation that was completed in February.

The stolen data includes medical information like dates of service, diagnosis, treatments, lab results, treatment locations and the details of the care provided alongside personal information like health insurance numbers, bank account details, payment cards, Social Security numbers, IDs and more."

  • ohulancutash@feddit.uk
    20 hours ago

    In the EU, GDPR mandates that data breaches adversely affecting privacy must be reported to authorities within 72hr. The fine for not obeying GDPR is the greater of €30 million or 4% of worldwide turnover in the financial year preceding the breach.

    The biggest GDPR fine so far is one handed to Meta by Ireland in 2023: €1.2 billion. Ireland has made a bit of an industry out of this, with over €2.9bn in total fines to Meta alone over the years.