On January 15 Norway's Health South-East RHF reported that about 2.9 million people may have been impacted by a data breach that took place on January 8. GDPR regulations require a breach be disclosed within 72 hours of discovery to their supervisory authority or in some case to the individuals involved, according to ComputerWorld. The new privacy regulation is scheduled to go into effect on May 25, 2018.
No reason was given for the delay.
HelseCERT, Norway's healthcare sector computer emergency response team, first noticed the issue and informed the impacted organizations. It is not known at this time if any of the personal data has been removed from the system, Computerworld wrote.