
Guernsey's Medical Specialist Group has been fined £100,000 for a data breach involving stolen patient emails.
The cyberattack happened in August 2021, but took more than three months to discover.
Criminals had accessed the firm's email server.
The Data Protection Authority says emails were stolen and patients targeted by phishing scams, leaving thousands of people vulnerable to theft.
The MSG reported the breach and the Authority began an investigation.
It found the firm had 'failed to take reasonable steps to ensure the security of personal data', including by routinely failing to install security updates over a 13-month period.
The ODPA said the contraventions of the Data Protection Law were at the 'more serious end of the scale' because of the sensitive nature of the personal information that was impacted.
Commissioner Brent Homan said: "Medical information demands the highest level of safeguard protection against cyber-attacks, and the sanction in this matter reflects that the measures in place at MSG fell well short of legal requirements."
The MSG says it has since made a major investment in its cybersecurity systems and staff training.
MSG Chief Executive Dr Farid Fouladinejad said: "Protecting our patients’ information is one of our highest priorities.
"Four years ago, we were hit by a global cyber incident that affected many organisations in public and private sectors across the world.
"Since then, we’ve taken significant steps to strengthen our systems and ensure we meet the highest standards of data security.
"Our plan for the next 12 months will take us to an even higher level of security."
The fine will be reduced by £25,000 if the practice implements all the changes within the next 14 months.
Commissioner Brent Homan said the action plan exceeds what his office would have expected.
"I am confident that when the plan has been fulfilled, Bailiwick residents, many of whom use MSG's services, should benefit from an exceptional level of protection for their health information."