Sanction details
https://www.bleepingcomputer.com/news/security/medical-software-firm-fined-15m-for-leaking-data-of-490k-patients/
The French data protection authority (CNIL) fined medical software vendor Dedalus Biology with EUR 1.5 million for violating three articles of the GDPR (General Data Protection Regulation).
Dedalus Biology provides services to thousands of medical laboratories in the country and the fine is for exposing sensitive details of of 491,939 patients from 28 laboratories.