Large medical lab in South Africa suffers multiple data breaches MyBroadband

Lancet Laboratories has suffered multiple data breaches and was fined R100,000 for failing to respond to the South African Information Regulator's demands to address shortcomings in its systems.

Information Regulator chairperson Pansy Tlakula recently revealed that Lancet paid the fine, which was issued after it failed to comply with an enforcement notice issued in September 2024.

"What was also of grave concern was that the body did not notify the data subjects affected by the security compromise," Tlakula said in a recent media briefing.

The Information Regulator issued the enforcement notice after it found that Lancet had not notified people that their data had been exposed within a reasonable period, as required under POPIA.

The regulator ordered Lancet Laboratories to urgently implement adequate security safeguards to protect personal information and prevent unauthorised access.

Lancet also had to establish and maintain proper breach notification processes to ensure affected data subjects are notified without undue delay.

It was also instructed to review and update internal procedures to comply with section 22 of the Protection of Personal Information Act (POPIA), which deals with breach disclosures.

When the company failed to meet these requirements, the regulator imposed a R100,000 penalty through a POPIA infringement notice, which Tlakula confirmed it has paid.

Specialist technology sector law firm Michalsons Giles Inc said organisations can learn much from Lancet's mistakes in this matter.

"Timely breach notification is critical. Under POPIA, you must inform both the Information Regulator and affected data subjects without unreasonable delay after discovering a data breach," the firm said.

"In addition, the organisation should have breach response procedures ready. Organisations should maintain an incident response plan with clear steps and responsibilities for notifying stakeholders.

"Additionally, organisations must learn from prior incidents. If you experience a breach, you must take corrective action to address vulnerabilities and prevent recurrence.

"Security safeguards must be proactive. This includes strong access controls, regular security testing, and continuous monitoring to protect personal data," said Michalsons Giles.

MyBroadband contacted Lancet Laboratories for comment on the Information Regulator's recent media briefing, but it did not respond by publication.

In addition to providing an update about Lancet's fine, Tlakula also reported that the Information Regulator had seen a substantial rise in data breaches during the past year.

The South African Information Regulator has revealed that during the 2024/25 financial year, 2,374 data breaches were reported, with an average of 198 notifications per month.

In the year-to-date since April 2025, the watchdog said 1,947 security compromise incidents were reported.

This represents an average of 284 notifications received per month, which the regulator said demonstrates a 40% increase in reported security compromises.

"The Regulator continues to be deeply concerned about the increased number of compromise incidents occurring in the country," Information Regulator chairperson Pansy Tlakula stated.

Tlakula called on the public and private sectors to make the necessary investments in their information security capabilities.

She said companies and institutions must develop and maintain appropriate technical and organisational measures to secure the integrity and confidentiality of personal information in their possession.

There have been several high-profile data breaches, leaks, and other security incidents in South Africa in the past year.

However, based on the Information Regulator's report, thousands of security compromises in South Africa do not become publicly known.

Under current regulations, companies are required to notify the regulator and the data subjects whose information has been compromised. They need not make a public statement.