Guernsey's Data Protection Authority has launched an inquiry into a 'cyber incident' which affected The Medical Specialist Group in December.
The company has twice had to publicly urge islanders not to click any links in emails forwarded from the company after their systems appeared to have been compromised.
In March, MSG published a 'cyber warning' on its website and social media pages:
"Unfortunately it appears that the perpetrators behind the cyber incident that affected the MSG in December have sent out another batch of emails purporting to be from the MSG.
As far as we are aware, the emails are forwarded from an earlier genuine email from the MSG which will be from December or earlier.
If you receive such an email do not click on any links within the email."
After working with the company to assess the nature of the breach, the ODPA says it is now launching a formal investigation under section 69 of Guernsey's Data Protection Law.
The Authority says it has the power to launch inquiries 'at its own discretion' and it doesn't necessarily mean complaints have been made against MSG.
In its statement, the ODPA says the outcome of its investigation 'should not be speculated on, or its conclusion pre-judged'.
At the same time, it has invited islanders 'to discuss their concerns' relating to MSG's incident to email email@example.com or call 01481 742074.