{"id":2863,"date":"2022-02-18T17:00:44","date_gmt":"2022-02-18T15:00:44","guid":{"rendered":"https:\/\/it-news-blog.com\/?p=2863"},"modified":"2025-04-01T19:50:34","modified_gmt":"2025-04-01T17:50:34","slug":"patientendaten-durch-url-manipulation-frei-zugaenglich-20-000-eur-bussgeld","status":"publish","type":"post","link":"https:\/\/it-news-blog.com\/?p=2863","title":{"rendered":"Patientendaten durch URL-Manipulation frei zug\u00e4nglich | 20.000 EUR Bu\u00dfgeld"},"content":{"rendered":"

Das verh\u00e4ngte Bu\u00dfgeld steht im Zusammenhang mit einer Datenschutzverletzung, die sich bei einem Gesundheitsdienstleister ereignet hat. Auf der Website von Azienda socio sanitaria territoriale Nord di Milano (ASST) wurde f\u00fcr die Buchung von Coronatests das unsichere http-Protokoll anstelle von https verwendet. Zudem lief der Server mit veralteter, unsicherer Software.<\/p>\n

Durch das Entfernen der Endung \u201ePrenatazione.php\u201c aus der URL war es m\u00f6glich, auf ungesch\u00fctzte Patientendaten von ASST zuzugreifen. Betroffen waren Personen, die sich f\u00fcr die Grippeimpfung der Saison 2020\/21 angemeldet hatten. Dabei wurden unter anderem Namen, Steuernummern und Telefonnummern sowie die Impfstandorte offengelegt.<\/p>\n

Die Datenschutzbeh\u00f6rde stellte fest, dass ASST es vers\u00e4umt hatte, angemessene technische und organisatorische Ma\u00dfnahmen zu ergreifen, um den Schutz dieser sensiblen Daten sicherzustellen. Dies wurde als Versto\u00df gegen die Anforderungen zur Wahrung der Integrit\u00e4t und Vertraulichkeit gewertet.<\/p>\n

Zus\u00e4tzlich sah die Beh\u00f6rde Art. 33 DSGVO verletzt, da ASST den Vorfall nicht eigenst\u00e4ndig meldete. Stattdessen wurde die Beh\u00f6rde erst durch eine Beschwerde eines Betroffenen auf die Datenpanne aufmerksam.<\/p>\n

Sanktionsadressat
\n<\/strong>Azienda socio sanitaria territoriale Nord di Milano<\/p>\n

Bu\u00dfgeld<\/strong>
\n20.000 EUR<\/p>\n

Verletzte Rechtsnorm<\/strong>
\nArt. 5 Abs. 1 lit. f DSGVO
\nArt. 25 DSGVO
\nArt. 32 DSGVO
\nArt. 33 DSGVO<\/p>\n

 <\/p>\n

\n
\n
\n
\n

Matthias A. Walter,<\/strong> http:\/\/www.tec4net.com<\/a><\/p>\n

\n

EDV-Sachverst\u00e4ndiger und Datenschutzauditor<\/p>\n<\/div>\n

\n

Quellen und Links:<\/strong><\/p>\n

\n
\n
\n
\n

Datenschutzbeh\u00f6rde: <\/span>Italien – Garante per la protezione dei dati personali
\nhttps:\/\/www.gpdp.it\/web\/guest\/home\/docweb\/-\/docweb-display\/docweb\/9746448<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

Rechtssichere Webseite f\u00fcr Unternehmen – Website-Compliance-Check
\nhttps:\/\/website-compliance.tec4net.com<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

\n
\n
\n
\n
\n

tec4net – Datenschutz und IT-Sicherheit praktikabel umsetzen
\n<\/strong>Wir beraten und auditieren DSGVO und BDSG sowie die Normen ISO\/IEC 27001, TISAX, NIS-2 und PCI-DSS.<\/span><\/p>\n

 <\/p>\n

www.tec4net.com<\/a> \u2013 www.it-news-blog.com<\/a> \u2013 www.it-sachverstand.info<\/a> \u2013 www.datenschutz-muenchen.com<\/a> \u2013 www.it-sicherheit-muenchen.com<\/a><\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Das verh\u00e4ngte Bu\u00dfgeld steht im Zusammenhang mit einer Datenschutzverletzung, die sich bei einem Gesundheitsdienstleister ereignet hat. Auf der Website von Azienda socio sanitaria territoriale Nord […]<\/p>\n","protected":false},"author":2,"featured_media":1333,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[370],"tags":[1012,1025,1014,1016,1034,1026,1027],"yoast_head":"\nPatientendaten durch URL-Manipulation frei zug\u00e4nglich | 20.000 EUR Bu\u00dfgeld - IT-NEWS-BLOG<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/it-news-blog.com\/?p=2863\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Patientendaten durch URL-Manipulation frei zug\u00e4nglich | 20.000 EUR Bu\u00dfgeld - IT-NEWS-BLOG\" \/>\n<meta property=\"og:description\" content=\"Das verh\u00e4ngte Bu\u00dfgeld steht im Zusammenhang mit einer Datenschutzverletzung, die sich bei einem Gesundheitsdienstleister ereignet hat. Auf der Website von Azienda socio sanitaria territoriale Nord [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/it-news-blog.com\/?p=2863\" \/>\n<meta property=\"og:site_name\" content=\"IT-NEWS-BLOG\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-18T15:00:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-01T17:50:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/it-news-blog.com\/wp-content\/uploads\/2010\/10\/tec4net_sicherheit.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Matthias Walter\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Matthias Walter\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"2\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/it-news-blog.com\/?p=2863\",\"url\":\"https:\/\/it-news-blog.com\/?p=2863\",\"name\":\"Patientendaten durch URL-Manipulation frei zug\u00e4nglich | 20.000 EUR Bu\u00dfgeld - IT-NEWS-BLOG\",\"isPartOf\":{\"@id\":\"https:\/\/it-news-blog.com\/#website\"},\"datePublished\":\"2022-02-18T15:00:44+00:00\",\"dateModified\":\"2025-04-01T17:50:34+00:00\",\"author\":{\"@id\":\"https:\/\/it-news-blog.com\/#\/schema\/person\/e0c100c6b645f34e659beeb06e2295fc\"},\"breadcrumb\":{\"@id\":\"https:\/\/it-news-blog.com\/?p=2863#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/it-news-blog.com\/?p=2863\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/it-news-blog.com\/?p=2863#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/it-news-blog.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Patientendaten durch URL-Manipulation frei zug\u00e4nglich | 20.000 EUR Bu\u00dfgeld\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/it-news-blog.com\/#website\",\"url\":\"https:\/\/it-news-blog.com\/\",\"name\":\"IT-NEWS-BLOG\",\"description\":\"Ein Service der tec4net GmbH\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/it-news-blog.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"de\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/it-news-blog.com\/#\/schema\/person\/e0c100c6b645f34e659beeb06e2295fc\",\"name\":\"Matthias Walter\",\"sameAs\":[\"https:\/\/tec4net.com\"],\"url\":\"https:\/\/it-news-blog.com\/?author=2\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Patientendaten durch URL-Manipulation frei zug\u00e4nglich | 20.000 EUR Bu\u00dfgeld - IT-NEWS-BLOG","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/it-news-blog.com\/?p=2863","og_locale":"de_DE","og_type":"article","og_title":"Patientendaten durch URL-Manipulation frei zug\u00e4nglich | 20.000 EUR Bu\u00dfgeld - IT-NEWS-BLOG","og_description":"Das verh\u00e4ngte Bu\u00dfgeld steht im Zusammenhang mit einer Datenschutzverletzung, die sich bei einem Gesundheitsdienstleister ereignet hat. Auf der Website von Azienda socio sanitaria territoriale Nord [...]","og_url":"https:\/\/it-news-blog.com\/?p=2863","og_site_name":"IT-NEWS-BLOG","article_published_time":"2022-02-18T15:00:44+00:00","article_modified_time":"2025-04-01T17:50:34+00:00","og_image":[{"width":960,"height":400,"url":"https:\/\/it-news-blog.com\/wp-content\/uploads\/2010\/10\/tec4net_sicherheit.jpg","type":"image\/jpeg"}],"author":"Matthias Walter","twitter_card":"summary_large_image","twitter_misc":{"Verfasst von":"Matthias Walter","Gesch\u00e4tzte Lesezeit":"2\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/it-news-blog.com\/?p=2863","url":"https:\/\/it-news-blog.com\/?p=2863","name":"Patientendaten durch URL-Manipulation frei zug\u00e4nglich | 20.000 EUR Bu\u00dfgeld - IT-NEWS-BLOG","isPartOf":{"@id":"https:\/\/it-news-blog.com\/#website"},"datePublished":"2022-02-18T15:00:44+00:00","dateModified":"2025-04-01T17:50:34+00:00","author":{"@id":"https:\/\/it-news-blog.com\/#\/schema\/person\/e0c100c6b645f34e659beeb06e2295fc"},"breadcrumb":{"@id":"https:\/\/it-news-blog.com\/?p=2863#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/it-news-blog.com\/?p=2863"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/it-news-blog.com\/?p=2863#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/it-news-blog.com\/"},{"@type":"ListItem","position":2,"name":"Patientendaten durch URL-Manipulation frei zug\u00e4nglich | 20.000 EUR Bu\u00dfgeld"}]},{"@type":"WebSite","@id":"https:\/\/it-news-blog.com\/#website","url":"https:\/\/it-news-blog.com\/","name":"IT-NEWS-BLOG","description":"Ein Service der tec4net GmbH","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/it-news-blog.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"de"},{"@type":"Person","@id":"https:\/\/it-news-blog.com\/#\/schema\/person\/e0c100c6b645f34e659beeb06e2295fc","name":"Matthias Walter","sameAs":["https:\/\/tec4net.com"],"url":"https:\/\/it-news-blog.com\/?author=2"}]}},"_links":{"self":[{"href":"https:\/\/it-news-blog.com\/index.php?rest_route=\/wp\/v2\/posts\/2863"}],"collection":[{"href":"https:\/\/it-news-blog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/it-news-blog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/it-news-blog.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/it-news-blog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2863"}],"version-history":[{"count":4,"href":"https:\/\/it-news-blog.com\/index.php?rest_route=\/wp\/v2\/posts\/2863\/revisions"}],"predecessor-version":[{"id":2922,"href":"https:\/\/it-news-blog.com\/index.php?rest_route=\/wp\/v2\/posts\/2863\/revisions\/2922"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/it-news-blog.com\/index.php?rest_route=\/wp\/v2\/media\/1333"}],"wp:attachment":[{"href":"https:\/\/it-news-blog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/it-news-blog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/it-news-blog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}