Description of Data Breaches Notifications in France and Lessons Learned for the Healthcare Stakeholders
Although the consequences of the General Data Protection Regulation (GDPR) have been widely discussed, the violations have not been described in the medical literature. In this study, we focus our analyses on data breach notifications in France, a data breach being defined in Article 4 of the GDPR as "a breach of security resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data." Among 3,824 data breach notifications reported between May 2018 and February 2020, 244 (6.4%) were related to the health sector. Loss of confidentiality is the most important breach (80.7%) in this sector, followed by loss of availability (27.5%). A malicious cause was involved in 58.2% of them. We hypothesized that data breach incidents in health are underreported due to a mismatch between cybersecurity and data privacy issues.
Keywords: Cybersecurity; Data Privacy; Policy.