Jesus fucking christ. I just got a letter from Infomedics, basically the company that does every healthcare provider's invoicing in the Netherlands (so you can't choose not to deal with them).

It was a data breach notification. For a breach that happened *FOUR FUCKING MONTHS AGO*. With zero details on how it could happen besides "ransomware at external supplier". Containing *MEDICAL DATA*.

What the actual fuck. Why is this company still allowed to operate? Why am I only hearing about this now? Why are they being cagey about consequences? Why have they not been fined out of existence yet?