According to recent data analysis by Redscan, Trusts have begun to deal with and address NHS cyber-skills shortages in the past two years, although there is still a lot of ground to cover to tackle the problem of data breaches within the health service. In 2018, it was reportedly revealed by Redscan that around a quarter of NHS Trusts did not have security professionals, whereas now, the figure has dropped to 15% of Trusts.
Despite an average decline in the number of NHS data breaches reported to the ICO, it is still clear that personal information is still not being granted the full security it deserves. In our view, there is still a lot of work to be done to ensure all NHS Trusts have the appropriate cybersecurity and data protection breaches needed to keep data safe.
We have represented many clients for a number of NHS data breach cases over several years, so we have seen just how devastating the effects can be when sensitive medical information is compromised. In accordance with UK data protection law, every citizen has a right to strong data protection, which is why we can help victims of data breaches to assert their rights by making compensation claims.
It has recently been confirmed that a former Hampshire police officer has been reportedly banned from ever entering the police service again after it was found that he accessed private records without a valid policing reason. The Special Constable in question is understood to have resigned from his position before superiors could dismiss him for his data snooping.
While police officers are granted information access to records and details that are needed for casework, they are not authorised to view or use information outside of their policing workload without any good reason. Campbell violated his professional duty by accessing information without a legitimate reason, reportedly only browsing the records due to “curiosity”.
Regardless of the motives of the Hampshire police officer, there is no excuse for breaching data protection law. We trust the police service to maintain strict control over personal information, so it is important that any officers who breach the duty they owe to the public are held accountable for their actions.
NHS CCTV cameras have reportedly been embroiled in a hack affecting security footage across the globe, after security company Verkada is understood to have been breached by hackers. It is said that live streams for as many as 150,000 Closed-Circuit Television (CCTV) cameras may have been viewed by unauthorised users.
Serving organisations include prisons, general businesses, schools and even psychiatric hospitals. The breach of Verkada’s cameras may have exposed the identities of many people working in, living in, or visiting affected institutions.
It is unclear exactly which feeds hackers may have viewed and what they gleaned from the footage, but it is nevertheless worrying to learn that a security firm has been subjected to such a wide-reaching breach. There is currently no evidence that any NHS camera feeds were viewed by hackers, but Verkada lists the NHS as one of its clients on the company website. Hackers have also claimed that they have been able to access the cameras of any of the affected organisations.
Recent coverage has revealed that action taken by bank employees and police prevented some £45m of fraud in 2020, saving customers from the loss of an average of almost £6,000 each. The figure is a testament to the success of the Banking Protocol scheme that encourages banks and the police to work together to protect consumers.
However, the huge £45m sum is also a sign of the scale of fraud in the UK. As leading, specialists in data protection law, we believe that the link between data breaches and fraud is a problem that needs to be addressed. When a third-party organisation fails to protect your personal information, it may be leaked into the hands of cybercriminals, who may attempt to steal from you via various kinds of manipulative scams.
We believe that it is essential that all data controllers are held to account when they fail to observe their legal duties. We have helped thousands of consumers to recover the compensation that they deserve, so we encourage any data breach victims to come forward for free, no-obligation advice on their potential claims.
A woman has recently reported receiving the coronavirus test result of another unknown woman, reportedly sent in a text message by the NHS. Not only did the text reveal the negative test status of the unknown woman, it is understood that it also listed her full name, birth date and the result of her test. The recipient of the message has expressed concern that such a data breach was allowed to occur, particularly given that she took a coronavirus test in early January.
Concerns about data privacy have been linked to the Test and Trace system since its beginnings, with several data breach incidents linked to the scheme, including a major error by Public Health Wales. It is concerning that data privacy has fallen short on occasions in the effort to control the Covid-19 outbreak, especially given that mistakes such as misdirected texts can be so easily avoided.
The Test and Trace system may be designed to protect public health, but that does not mean data breaches like this can go unnoticed.
In the worst cases, data breaches can involve highly sensitive information, compromising the privacy and safety of some of the most vulnerable people in our society. In particular, social services breaches often affect the most vulnerable victims, leaving them open to even more risks than they already face.
Generally run by local councils, social services offer support to their local communities, whether this is providing assistance for people with disabilities, running care homes, or setting up domestic abuse support groups. While social services are absolutely essential to ensuring the safety and well-being of the people under their care, this protection can break down when a data breach occurs.
Anyone who has been let down by a social services data breach may be able to claim compensation for the harm caused.
Hospitals and doctors’ surgeries host visits from large numbers of patients every day, and are treated as places of safety and refuge for those with health issues. Unfortunately, despite the fact that patient-doctor confidentiality is a principle at the heart of the medical profession, some hospitals and healthcare sector organisations are letting down the patients who trust them by failing to protect private data.
We constantly hear how much strain the NHS is under, but the lack of resources and staff is not often seen from the perspective of cybersecurity and data protection. In the wake of the coronavirus outbreak, NHS staff were put under even greater pressure to meet the demands of controlling the virus and, in some cases, data protection has been further neglected.
It is essential that healthcare organisations see data protection as a high priority, or they risk exposing patient data, as has already been the case in many previous healthcare data breaches. Whether it is a case of government funding or internal organisational issues, all healthcare organisations must step up and meet the challenge of the ongoing, and increasing, cybersecurity risks that they face.
With so many NHS employees and resources devoted to suppressing the spread of Covid-19, data security concerns have inadvertently been pushed to one side by healthcare organisations in 2020 in some cases.
It is believed that cybercriminals took advantage of this gap in data protection by launching more attacks on hospitals and other public health organisations. Meanwhile, human error has continued to be a contributing factor, causing several notable healthcare breaches in 2020 also.
The coronavirus pandemic has undoubtedly laid bare the security risks faced by healthcare organisations. Though cyberattack attempts have likely increased during the Covid-19 crisis, healthcare organisations have always been prime targets for cybercriminals, given the sensitivity of the information they hold. As such, the same risks will confront them in the years to come if changes are not made.
We have witnessed first-hand the damage that can be caused by data breaches in our support for the victims. Anyone who has suffered the effects of healthcare data breaches, or any other kind of data breach, may be able to claim compensation for the harm caused.
Councils are often in possession of extensive personal information pertaining to their employees and their residents. Often, councils keep sensitive information belonging to residents in receipt of benefit payments, or to those who have made payments to them, whether this is for a parking fine or for council tax. Council payment data breaches can arise when any information relating to payments to or from residents is exposed.
The wealth of information available at councils can make them prime targets for hackers, but it also means that any human error data breaches caused by employees can have severe implications. For the victims, data exposure can provoke an emotional and financial impact, which is why we help those affected to claim compensation for the harm caused to them.
Each and every third-party data controller has a duty to protect the data entrusted to their care, and they can be held accountable under the law when this duty is neglected. Your Lawyers, as leading data protection lawyers, know what it takes to hold organisations to justice.
A health data breach can have substantial repercussions, both for the healthcare organisation involved and the victims affected. As human error mistakes continue to be made internally, the external cybersecurity threat for healthcare organisations has been reported to be on the rise, meaning that there is immense pressure for these organisations to step up their data protection policies.
The sophistication of modern-day cybercrime simply allows no room for error when it comes to data protection. Unfortunately, as leading specialists in data breach law, we see the same mistakes being made time and time again, which is why we believe it is important to hold organisations to account when they fail to protect personal data.
If you have been caused distress or loss by a health data breach, do not hesitate to contact us for advice on your potential claim.