With the cyber threat facing healthcare organisations across the globe and on a domestic level at a high, a significant Public Health England data breach could easily happen. With cybersecurity and data protection under such scrutiny, it is natural that doubts have been cast over all kinds of data controllers in the healthcare sector.
The spike in cyberattacks on the healthcare sector has been a much-reported issue over the past year or so, with a perception that cybercriminals have sought to take advantage of the chaos caused by the coronavirus pandemic. However, it is also true that a vast number of data breaches within the healthcare sector are caused by human error, so healthcare organisations must focus on internal training to ensure that they keep information secure.
If you have been affected by a healthcare data breach, you may be entitled to claim compensation for the harm caused. At Your Lawyers – the Data Leak Lawyers – as leading privacy claims experts, we have years of experience in data breach claims, and we can use our expertise to help you achieve the justice you deserve.
On top of the Covid-19 pandemic, healthcare organisations across the globe have also had to contend with rising healthcare cyberattacks since the outbreak began. Cybercriminals, perceiving that attention was diverted to managing the virus, have perhaps seen the pandemic as an opportunity to target hospitals and healthcare organisations under strain. The need for strong cybersecurity in the NHS has, therefore, never been more urgent.
Unfortunately, the NHS has not been known for good cybersecurity and data protection measures in the past, having suffered a number of severe cyberattacks and data breaches in recent years. One of the most infamous incidents was the WannaCry ransomware attack of 2017, where the NHS was said to be more susceptible to this attack due to a failure to follow cybersecurity recommendations.
Even within the context of the Covid-19 pandemic, there is no excuse for poor data protection by healthcare organisations, and the government must step in where funding is an issue. It is vital that action is taken to tackle the short-term threat, as well as planning for the future of cyberattacks.
A misconduct hearing at Dyfed-Powys Police has reportedly told of a police officer misusing information for non-professional purposes.
The personal details in question are understood to have been taken when the officer fined a woman for a breach of Covid restrictions. If the special officer in question had not resigned before the hearing, he would likely have lost his job over the misuse of personal information.
As citizens, we have a right to trust that police officers use our information solely for the purposes of law enforcement. If they ever take advantage of the information, they have access to, it can constitute gross professional misconduct and a breach of data protection law. Anyone who has had their data exposed or misused by the police may be able to claim compensation for the harm caused.
Healthcare organisations hold a vast array of different data about their patients, most of which is highly private and sensitive. Confidential medical information should be safeguarded by the principle of doctor-patient confidentiality, as well as by strong data protection measures. Unfortunately, the number of cybercriminals targeting medical data appears to be on the rise around the globe.
With medical information a prime target, it is important that all healthcare organisations ensure that their systems are secure, and that employees abide by strict data protection procedures. However, in too many cases, there appears to be holes in the defences that put patient data at risk.
Any patient that has been made vulnerable to data misuse by the errors of a healthcare organisation may be able to claim compensation for the harm caused. If you think that you may have a claim to make, you can contact us for free, no-obligation advice on your potential compensation claim.
NHS test and trace contact centres have been implicated in a security controversy, after concerns were raised that staff have been using their personal email addresses for sending private health data, according to Healthcare IT News.
The test and trace scheme has been subjected to data security criticisms since its beginnings. Some worries look to have been proven right, given that a number of data breaches have exposed coronavirus test results over the past year. With the medical sector already a prime target for hackers, it seems clear to us that more needs to be done.
While the Covid-19 pandemic has challenged NHS staff and resources, it is still unacceptable that data security has been allowed to slip, particularly given that the pandemic has seen a spike in the occurrence of cyberattacks. Where sensitive medical information is at stake, there can be no room for error.
The vital crime-fighting function of the police means that they are allowed to request, process and use much more data than most people would ordinarily disclose to a third party. Many trust the police to handle the information that they are given access to with caution and respect, only requesting and viewing it when absolutely necessary. However, there are unfortunate examples of police using data without consent, abusing their powers to view or use information inappropriately.
Police officers are not above data protection law and this is important to remember. It may be that certain allowances are granted to them in accordance with the GDPR, but they are still bound to certain restrictions.
As such, those who are affected by police data breaches may be entitled to claim compensation for the harm caused.
According to recent data analysis by Redscan, Trusts have begun to deal with and address NHS cyber-skills shortages in the past two years, although there is still a lot of ground to cover to tackle the problem of data breaches within the health service. In 2018, it was reportedly revealed by Redscan that around a quarter of NHS Trusts did not have security professionals, whereas now, the figure has dropped to 15% of Trusts.
Despite an average decline in the number of NHS data breaches reported to the ICO, it is still clear that personal information is still not being granted the full security it deserves. In our view, there is still a lot of work to be done to ensure all NHS Trusts have the appropriate cybersecurity and data protection breaches needed to keep data safe.
We have represented many clients for a number of NHS data breach cases over several years, so we have seen just how devastating the effects can be when sensitive medical information is compromised. In accordance with UK data protection law, every citizen has a right to strong data protection, which is why we can help victims of data breaches to assert their rights by making compensation claims.
It has recently been confirmed that a former Hampshire police officer has been reportedly banned from ever entering the police service again after it was found that he accessed private records without a valid policing reason. The Special Constable in question is understood to have resigned from his position before superiors could dismiss him for his data snooping.
While police officers are granted information access to records and details that are needed for casework, they are not authorised to view or use information outside of their policing workload without any good reason. Campbell violated his professional duty by accessing information without a legitimate reason, reportedly only browsing the records due to “curiosity”.
Regardless of the motives of the Hampshire police officer, there is no excuse for breaching data protection law. We trust the police service to maintain strict control over personal information, so it is important that any officers who breach the duty they owe to the public are held accountable for their actions.
NHS CCTV cameras have reportedly been embroiled in a hack affecting security footage across the globe, after security company Verkada is understood to have been breached by hackers. It is said that live streams for as many as 150,000 Closed-Circuit Television (CCTV) cameras may have been viewed by unauthorised users.
Serving organisations include prisons, general businesses, schools and even psychiatric hospitals. The breach of Verkada’s cameras may have exposed the identities of many people working in, living in, or visiting affected institutions.
It is unclear exactly which feeds hackers may have viewed and what they gleaned from the footage, but it is nevertheless worrying to learn that a security firm has been subjected to such a wide-reaching breach. There is currently no evidence that any NHS camera feeds were viewed by hackers, but Verkada lists the NHS as one of its clients on the company website. Hackers have also claimed that they have been able to access the cameras of any of the affected organisations.
Recent coverage has revealed that action taken by bank employees and police prevented some £45m of fraud in 2020, saving customers from the loss of an average of almost £6,000 each. The figure is a testament to the success of the Banking Protocol scheme that encourages banks and the police to work together to protect consumers.
However, the huge £45m sum is also a sign of the scale of fraud in the UK. As leading, specialists in data protection law, we believe that the link between data breaches and fraud is a problem that needs to be addressed. When a third-party organisation fails to protect your personal information, it may be leaked into the hands of cybercriminals, who may attempt to steal from you via various kinds of manipulative scams.
We believe that it is essential that all data controllers are held to account when they fail to observe their legal duties. We have helped thousands of consumers to recover the compensation that they deserve, so we encourage any data breach victims to come forward for free, no-obligation advice on their potential claims.