Chile's National Consumer Service (Sernac) has issued a formal request to Clínica Dávila following a cyberattack that leaked about 250 gigabytes of sensitive patient data. The agency demands detailed information within 10 business days on the incident, attributed to a foreign ransomware group named Devman. Compromised data includes clinical records, diagnoses, and medical test results, such as HIV screenings.
Chile's National Consumer Service (Sernac) has stepped in regarding a serious cybersecurity incident at Clínica Dávila and Servicios Médicos S.A., where a hack led to the exfiltration of roughly 250 gigabytes of confidential patient information. The attack, linked to the foreign ransomware group Devman, exposed clinical files, medical diagnoses, sensitive test results including HIV screenings, identity card copies, and operational databases of the facility.
Sernac has required the clinic to provide within 10 business days a timeline of the incident, the total number of affected patients broken down by data type, existing security measures at the time of the breach, and the attack vector used. It also seeks details on containment actions, notification methods to those impacted, received complaints, and preventive steps for future threats. The clinic must state its stance on potential civil and administrative liabilities.
The agency stressed that data protection is a core right under the Consumer Protection Law (LPC). Failure to meet the deadline could prompt judicial and administrative actions from Sernac. It urged possible victims to file claims through the Consumer Portal using Clave Sernac or ClaveÚnica, or via phone and in-person channels nationwide.
This episode highlights the fragility of healthcare systems to cyber threats, emphasizing the importance of strong security protocols to protect patient privacy.
