Reading:
Tewksbury Hospital admits data breach by former employee
Share:
healthcare data breaches

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Tewksbury Hospital admits data breach by former employee

A former employee stands accused of inappropriately accessing over a thousand patient records without authorisation.

It’s believed more than 1,100 patients may have had their medical records viewed without reason for a 14-year period.

Authorities were alerted to the data breach when a former patient raised concerns that their medical records may have been accessed inappropriately online. An internal review found that a hospital employee had indeed accessed the records “without a good reason” to do so. From there, it was found that the same employee had accessed a huge number of former and current patient medical records without authorisation or grounds to do so.

Department of Health Investigation

The relevant Department of Health have been conducting an investigation over the multiple data breaches spanning from 2003 to May 2017. The unnamed employee obtained access to a range of personal and sensitive information, including:

  • Names
  • Addresses
  • Phone numbers
  • Dates of birth
  • Gender
  • Diagnoses
  • Medical treatment

It’s also believed that, for some patients, Social Security Numbers may have also been compromised.

Why were the records accessed?

No information has been offered as to the employee’s intentions for accessing the patient records.

So far, there has also been no confirmation that the information has been copied and shared anywhere else.

Officials are aware that, with the wealth of information compromised, people could be at serious risk. With social security numbers, the employee could easily steal someone’s identity, or sell the information on to malicious organisations as well.

No evidence of information being misused

Officials do not believe the information has been misused. The culprit has reportedly been dismissed and no longer has access to patient records.

The hospital in question has taken action to implement further security measures to ensure patient records and personal information have greater protection from unauthorised internal and external access.

How has this happened for 14-years?

It’s simply shocking that this kind of data breach could be allowed to happen for 14-years. Tewksbury hospital may also be taking steps to review and implement security protocols to ensure across-the-board compliance, alongside with appropriate monitoring to ensure everyone follows data protection rules.

The Department of Health and Human Services has offered individuals some helpful advice if they suspect misuse of personal data:

  • Notify authorities of the loss of personal data and request for an initial fraud alert to be placed on your bank account for 3 months
  • Order a credit report and check it for any sighs of suspicious activity
  • Request a security freeze (though this may impact the individual’s own access to their accounts).

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon