According to recent data analysis by Redscan, Trusts have begun to deal with and address NHS cyber-skills shortages in the past two years, although there is still a lot of ground to cover to tackle the problem of data breaches within the health service. In 2018, it was reportedly revealed by Redscan that around a quarter of NHS Trusts did not have security professionals, whereas now, the figure has dropped to 15% of Trusts.
Despite an average decline in the number of NHS data breaches reported to the ICO, it is still clear that personal information is still not being granted the full security it deserves. In our view, there is still a lot of work to be done to ensure all NHS Trusts have the appropriate cybersecurity and data protection breaches needed to keep data safe.
We have represented many clients for a number of NHS data breach cases over several years, so we have seen just how devastating the effects can be when sensitive medical information is compromised. In accordance with UK data protection law, every citizen has a right to strong data protection, which is why we can help victims of data breaches to assert their rights by making compensation claims.
A recent postbox theft at a GP surgery in Norwich has demonstrated the sometimes unexpected forms that data crime can come in. In late May, Hellesdon Medical Practice is understood to have informed its patients that a postbox had been stolen by an unknown person, causing a severe data breach due to the private correspondence it contained.
Data security incidents like this may be relatively small in scale compared to the huge cyberattacks affecting large companies in the digital age, but they still have the potential to severely impact the victims. The Hellesdon Medical Practice data breach also raises questions about how we can ensure the security of documents sent in the post, particularly when we don’t have the benefit of firewalls and encryption, as we often do in digital data transfer.
Any data exposure incidents involving physical records should be treated with the seriousness they deserve, as they can still constitute a breach of data protection law. Where a third-party data controller fails to effectively protect your information, you could be eligible to claim compensation for the harm caused.
NHS CCTV cameras have reportedly been embroiled in a hack affecting security footage across the globe, after security company Verkada is understood to have been breached by hackers. It is said that live streams for as many as 150,000 Closed-Circuit Television (CCTV) cameras may have been viewed by unauthorised users.
Serving organisations include prisons, general businesses, schools and even psychiatric hospitals. The breach of Verkada’s cameras may have exposed the identities of many people working in, living in, or visiting affected institutions.
It is unclear exactly which feeds hackers may have viewed and what they gleaned from the footage, but it is nevertheless worrying to learn that a security firm has been subjected to such a wide-reaching breach. There is currently no evidence that any NHS camera feeds were viewed by hackers, but Verkada lists the NHS as one of its clients on the company website. Hackers have also claimed that they have been able to access the cameras of any of the affected organisations.
A woman has recently reported receiving the coronavirus test result of another unknown woman, reportedly sent in a text message by the NHS. Not only did the text reveal the negative test status of the unknown woman, it is understood that it also listed her full name, birth date and the result of her test. The recipient of the message has expressed concern that such a data breach was allowed to occur, particularly given that she took a coronavirus test in early January.
Concerns about data privacy have been linked to the Test and Trace system since its beginnings, with several data breach incidents linked to the scheme, including a major error by Public Health Wales. It is concerning that data privacy has fallen short on occasions in the effort to control the Covid-19 outbreak, especially given that mistakes such as misdirected texts can be so easily avoided.
The Test and Trace system may be designed to protect public health, but that does not mean data breaches like this can go unnoticed.
Many of us disclose personal information so often that we don’t even think about it, trusting that the third party that we are handing our information to will protect it securely. Unfortunately, despite the introduction of the GDPR in 2018, many data controllers still break their legal obligations to keep private data safe. The repercussions of a data breach can be serious, with the confidential information exposed becoming subject to misuse.
As specialists in data breach claims, we have seen the consequences that victims can face, which is why we are always determined to hold companies who have exposed data accountable for their actions. We always try to make sure that compensation claims bring no added stress to the victims, so we encourage you to come forward for no-obligation advice if you think you may have a claim to make.
We naturally expect that healthcare professionals and their support staff will treat our private data with the respect it deserves, only viewing, accessing or sending information when it is strictly necessary. However, there are unfortunately certain individuals who seek to take advantage of the access they are given. NHS staff misusing information are not only breaking with professional standards, they could also be breaching data protection law.
As leading specialists in data breach claims, we have encountered a number of cases in which patient information has been accessed or processed unlawfully by employees. Using our expertise in this area of law, we remind employees that they cannot get away with the misuse of patient records, ensuring that they face consequences for their actions.
In cases where staff are found guilty of breaching data protection regulations, the victims could be eligible to claim compensation. Medical data is often highly sensitive, and no one should ever be made to feel that such information has been compromised or put a risk. If you have been affected by an incident like this, you can contact us for advice on your potential compensation claim.
Hospitals and doctors’ surgeries host visits from large numbers of patients every day, and are treated as places of safety and refuge for those with health issues. Unfortunately, despite the fact that patient-doctor confidentiality is a principle at the heart of the medical profession, some hospitals and healthcare sector organisations are letting down the patients who trust them by failing to protect private data.
We constantly hear how much strain the NHS is under, but the lack of resources and staff is not often seen from the perspective of cybersecurity and data protection. In the wake of the coronavirus outbreak, NHS staff were put under even greater pressure to meet the demands of controlling the virus and, in some cases, data protection has been further neglected.
It is essential that healthcare organisations see data protection as a high priority, or they risk exposing patient data, as has already been the case in many previous healthcare data breaches. Whether it is a case of government funding or internal organisational issues, all healthcare organisations must step up and meet the challenge of the ongoing, and increasing, cybersecurity risks that they face.
With so many NHS employees and resources devoted to suppressing the spread of Covid-19, data security concerns have inadvertently been pushed to one side by healthcare organisations in 2020 in some cases.
It is believed that cybercriminals took advantage of this gap in data protection by launching more attacks on hospitals and other public health organisations. Meanwhile, human error has continued to be a contributing factor, causing several notable healthcare breaches in 2020 also.
The coronavirus pandemic has undoubtedly laid bare the security risks faced by healthcare organisations. Though cyberattack attempts have likely increased during the Covid-19 crisis, healthcare organisations have always been prime targets for cybercriminals, given the sensitivity of the information they hold. As such, the same risks will confront them in the years to come if changes are not made.
We have witnessed first-hand the damage that can be caused by data breaches in our support for the victims. Anyone who has suffered the effects of healthcare data breaches, or any other kind of data breach, may be able to claim compensation for the harm caused.
A health data breach can have substantial repercussions, both for the healthcare organisation involved and the victims affected. As human error mistakes continue to be made internally, the external cybersecurity threat for healthcare organisations has been reported to be on the rise, meaning that there is immense pressure for these organisations to step up their data protection policies.
The sophistication of modern-day cybercrime simply allows no room for error when it comes to data protection. Unfortunately, as leading specialists in data breach law, we see the same mistakes being made time and time again, which is why we believe it is important to hold organisations to account when they fail to protect personal data.
If you have been caused distress or loss by a health data breach, do not hesitate to contact us for advice on your potential claim.
The duty of patient confidentiality is a tenet of medical practice, meaning that all doctors must keep patient information private as a matter of professional duty. Unfortunately, data breaches by hospitals undermine this key responsibility, often through simple administrative errors or data handling mistakes.
However minor the initial misstep is, the repercussions can still be severe when patient or employee data is exposed, which is why healthcare organisations must be held accountable for breaches of data protection law. We know the stress and anxiety data breach victims can suffer, which is why we work hard to claim compensation on behalf of those affected. Although a compensation pay-out cannot undo the harm inflicted on victims, it can help them to know that justice has been done.
Data breach compensation amounts for these kinds of cases can be high given the severity of the impact.