In the data breach notification sent to the KVKK Institution by the Private Dentapoint Dental Health Polyclinic (İzmir), which has the title of data controller;
As a result of the cyber attack with the ransomware on 12.07.2021, the computers containing the patient information were encrypted and access was blocked,
About 14,000 people were affected by the data breach,
The people affected by the data breach are patients, customers and potential customers,
It has been stated that the personal data affected by the violation are identity, communication, location, customer transaction, transaction security, finance, visual and audio records, and the sensitive personal data affected by the violation are race and ethnicity information and health information.
Paragraph (5) of Article 12 of the Law on the Protection of Personal Data No. 6698, titled "Obligations regarding data security" "In case the processed personal data is obtained by others illegally, the data controller shall notify the relevant person and the Board as soon as possible. If necessary, the Board may announce this situation on its own website or by any other method it deems appropriate.” its ruling.
The necessity of institutions and organizations to take corrective measures to combat data breaches is gaining more and more importance with each passing day. In order to prevent data breaches, institutions and organizations should receive support if necessary, security technologies should be selected correctly within the organization, penetration tests should be carried out at regular intervals, and personnel within the organization should receive awareness training on information security.
