Andorra Data Agency Urges Psychologists to Report Eholo Cyberattack Breach
APDA alerts psychologists using Eholo platform to notify breaches after hackers stole sensitive patient data, demanding ransom by March 15.
Key Points
- Hackers stole hundreds of records from Eholo, including Andorran patient data, leaking proof.
- Ransom deadline: March 15, or data sold on black market.
- Psychologists must notify APDA in 72 hours and inform patients.
- Breach impacts Andorran users and possibly Catalonia-treated residents.
Andorra's Data Protection Agency (APDA) has urged psychologists using the Eholo platform to report any data breaches following a cyberattack that exposed sensitive patient information.
The agency communicated with members of the Col·legi Oficial de Psicòlegs d'Andorra (Copsia) last week, after hackers targeted Eholo, a management tool for psychological documentation. Attackers claimed to have stolen hundreds of records, including those of at least one Andorran patient, and provided proof by leaking medical notes. They have given users until March 15 to pay a ransom, threatening to sell the data on the black market otherwise.
APDA confirmed the platform suffered an unauthorized access incident, compromising data from registered psychologists and their patients. While the full extent of the impact in Andorra remains unclear, local psychologists have been identified as users of Eholo. There may also be Andorran residents or citizens receiving treatment from psychologists in Catalonia whose information is affected.
Psychologists must notify APDA within 72 hours of becoming aware of any breach. They are also legally required to inform their patients that personal and medical data could now be in cybercriminals' hands. Neither APDA nor Copsia yet knows the precise scope, but the alert aims to ensure compliance with data protection laws and help assess the breach's reach.
Original Sources
This article was aggregated from the following Catalan-language sources: