Breach of personal data security at the Sanitary and Epidemiological Station. The addresses and research of approximately 350 people are at risk

reported that a pendrive with sensitive data had recently been found – it was sent to the station in an anonymous letter, but the exact circumstances are unknown. It is known that the medium contained personal data of hundreds of people registered at the facility. Therefore, the Sanitary and Epidemiological Station provided detailed information about its contents.

Police. A pendrive containing personal data of about 350 people was found

contained names, surnames, PESEL numbers, document numbers and series, telephone numbers, information on health status, including test results, and addresses of residence or stay. In addition, documents relating to matters conducted by the authority, such as inspection reports, decisions and letters, were saved on the medium. Their content included information about the subject of the proceedings and e-mail addresses. All documents and data came from the period from 2015 to the end of May 2021.

According to reports, the pendrive belonged to an employee of the Sanitary and Epidemiological Station in Szczecin. The medium contained data of approximately 350 people from the Police district and two people from Szczecin. The facility received the pendrive in an anonymous letter on October 30, 2023.

“It is the duty of the District Sanitary and Epidemiological Station in Police to inform you that due to the discovery of the pendrive with the above-mentioned data, there is a possibility that other people may attempt to use the data stored there,” the statement said. The consequences of a personal data breach include problems such as:

• loss of control over one’s own personal data – participation in projects may occur in which it is enough for the entity to provide one or more data available on the medium in order to act on behalf of and for the benefit of another person;
• discrimination against a person through possible disclosure of health information;
• damage to good name.

The Sanitary and Epidemiological Station responded to the incident. An appeal for caution was issued

The District Sanitary and Epidemiological Station in Police informed the President of the Personal Data Protection Office about the breach. Additionally, steps have been taken to prevent similar incidents in the future. Employees have been trained in the principles of personal data processing applicable at the facility. The need to use only official encrypted media was reminded. The facility reported that supervision over employees in terms of compliance with the data processing policy has been intensified. it will also block access to external media on workstations.

The Sanitary and Epidemiological Station advised that in case of attempts to use the data, law enforcement authorities and the District Sanitary and Epidemiological Station in Police should be immediately notified. “At the same time, we ask you to be careful when providing personal data to other people, especially those contacting us via the Internet or telephone,” the statement said.

If you have any questions related to the incident, the station asks you to contact the Personal Data Inspector, Agnieszka Palusińska. E-mail address: iod.psse.police@sanepid.gov.pl Tel. 887437306. Correspondence address: PSSE in Police ul. Kresowa 14, 72-010 Police.