Notification of a data breach to clients of the Western Uusimaa Wellbeing Services County using the medical supplies of Oy Essity Finland Ab
What happened?
The Western Uusimaa Wellbeing Services County has been informed by Oy Essity Finland Ab that their subcontractor Westlog Oy's database has been subjected to an advanced criminal cyber attack. There was a data breach on 24 August 2023. The deviation was detected on 4 September, and the Western Uusimaa Wellbeing Services County received an official notification of the incident on 20 September.
Westlog has taken the following steps to resolve the data breach:
- They installed a specific monitoring system in the company's information systems.
- They notified The National Cyber Security Centre (The Finnish Transport and Communications Agency Traficom) and the Data Protection Ombudsman's Office of the data breach.
- They reported the incident to the police.
The investigation by Westlog and the detailed assessment of the stolen personal data are still ongoing. For example, the full extent or possible consequences of the breach are not yet known. There is also no information on the perpetrator(s) or their intentions yet, so the assessment of the consequences is also ongoing. However, it is likely that personal data of current and former clients has ended up in the hands of criminals.
What personal data does the violation concern and what measures have been taken?
The data subject to the breach was client data related to the distribution service of incontinence products. The violation may concern the client's name and contact details as well as the address, information on orders placed through the website and information on the personal identity code.
It is also possible that sensitive health data, such as incontinence information, could be derived from product order data. Oy Essity Finland Ab is currently investigating the entire extent and consequences of the violation and has contacted the Finnish Data Protection Ombudsman and the National Cyber Security Centre as well as reported the incident to the police.
The Western Uusimaa Wellbeing Services County has submitted a notification of the incident to the Data Protection Ombudsman.
What measures do we recommend for a potential target of a security breach?
We recommend that you remain alert and pay particular attention to any attempted fraud. If you are the victim of a crime, such as identity theft, we recommend that you contact the police. We also recommend that you read the Cyber Security Centre's instructions for victims of data breaches(external link).
For more information, please contact the data protection officer of the Western Uusimaa Wellbeing Services County, tel. +358 (0)40 6343031, tietosuoja@luvn.fi