Fears over safety of YOUR sensitive data as shock probe reveals bungling NHS staff have wrongly handed over confidential data hundreds of times in last two years

Bungling NHS staff have wrongly disclosed confidential data hundreds of times in the last two years.

Never-before-seen data, obtained by MailOnline, reveals 1,600 data breaches have been logged in the health service across the UK since 2021. 

Breaches include staff faxing or emailing sensitive details to the wrong person and leaving documents lying around.

Cyber attacks and people getting unauthorised access to potentially sensitive data were also blamed.

The figures, which come from a Freedom of Information (FOI) request, only look at breaches by incident, not by the number of people affected.

Seventy-five NHS bodies have been investigated by the ICO for data breaches since 2021. Such investigations do not necessarily mean personal data was exposed or that the NHS organisation was at fault, with many investigations concluding that ‘no further action’ was required or that only advice from the ICO was provided. However, five NHS bodies were issued with formal reprimands as a result of investigations.

MailOnline's probe – which goes up until January 2023 – revealed the most common breach was for someone getting unauthorised access to people's personal data (335 incidents). More than 250 of the incidents recorded related to staff faxing or posting data to the incorrect recipient. Another 174 breaches related to documents being emailed to the wrong person

It means, in theory, thousands more patients may be impacted than the Information Commissioner’s Office (ICO) numbers suggest.

This website’s exposé comes just days after it was revealed that more than 40 million voters may have had their data stolen in the biggest data breach in UK history.

The Electoral Commission revealed on Tuesday that ‘hostile actors’ had access to its systems for 14 months without being detected. 

Police in Northern Ireland admitted, on the same day, they were also at the heart of a data breach of ‘monumental proportions’. 

Data on thousands of officers and civilian staff were mistakenly divulged in response to an FOI request.

Meanwhile, NHS Lanarkshire in Scotland was last week officially reprimanded by ICO chiefs after staff shared patient data in an unsecured WhatsApp chat.

Another NHS body was earlier this year slapped on the wrist for accidentally sharing patients’ HIV status, while a London trust was fined nearly £80,000 for a huge email bungle.

MailOnline’s probe – which goes up until January 2023 – revealed the most common breach was for someone getting unauthorised access to people’s personal data (335 incidents).

More than 250 of the incidents recorded related to staff faxing or posting data to the incorrect recipient. Another 174 breaches related to documents being emailed to the wrong person.

Five ransomware attacks and nine phishing scams were also uncovered. 

Phil Booth, coordinator of medConfidential, which campaigns for patient confidentiality, said the figures show a ‘shocking series of mistakes and avoidable harms’.

He said: ‘We can’t know that each patient affected was really told as the ICO doesn’t make sure that happens in a meaningful way.’

The lack of data security within the NHS has resulted in steep penalties in the past, with Trusts fined for losing patient records, staff sharing patient information on WhatsApp and failing to ensure data is password protected. 

The FOI data also shows that NHS staff either lost or had devices/paperwork stolen 224 times, with one incident in 2022 involving ‘brute force’.

Workers also verbally disclosed private information – such as discussing a patient’s private medical information on a public ward – 101 times.

Alteration of personal data was one of the rarest incidents with only 11 cases in three years, though the ICO figures did not record if the changes made were accidental or intentional. 

Thirty-six breaches centred around NHS staff failing to hide the individual emails of recipients.

Tavistock and Portman NHS Foundation Trust — famous for hosting the health service’s Gender Identity Development Service, the only transgender service for kids in the UK — was fined £78,400 for such an incident in July last year.

The Trust sent an email to 5,000 patients about an art competition. While people had agreed to be emailed, staff failed to hide their information correctly, leading to about 1,780 people’s email addresses being exposed to other recipients. 

The Trust was among 75 NHS bodies investigated by the ICO for data breaches since 2021.

Such investigations do not necessarily mean personal data was exposed, or that the NHS organisation was at fault.

Many investigations concluded that ‘no further action’ was required. 

However, five NHS bodies were issued with formal reprimands as a result of the ICO investigations.

Epsom and St Helier University Hospitals NHS Trust was handed two.

One related to an incident during the pandemic, where a data entry error saw staff being incorrectly flagged as having the virus. As a result, NHS Test and Trace told them, as well as their close contacts, to self-isolate.

This led to the cancellation of multiple surgical operations and the closure of several schools and nurseries in the local area. 

One of the most shocking reprimands was issued to NHS Highland in Scotland this year.

It concerned an incident in 2019 where the Trust mass emailed 37 people who had recently accessed its HIV services, but did not hide the email addresses correctly.

At least one patient managed to recognise four other people from their email addresses, one of which was a previous sexual partner. 

Other NHS bodies issued reprimands in the past few years include Bridgewater Community Healthcare NHS Foundation Trust in the northwest of England, Warrington and Halton Hospitals NHS Foundation Trust in Warrington and the national health service body NHS Blood and Transplant.

The trust with the most ICO investigations was Homerton Healthcare NHS Foundation Trust, with seven in total since 2021.

These were all cyber-related incidents, with a trust spokesperson telling MailOnline they were all related to phishing by hackers.

However, a Trust spokesperson said they have now taken measures to enhance their data security.

‘Earlier this year we increased our resilience to these incidents by implementing Multi Factor Authentication on all NHSmail accounts,’ they said. 

An NHS England spokesperson said: ‘Organisations that have access to NHS patient data and systems are required to practise and provide evidence of good data security, so that personal information is handled correctly.

‘It is vital that health and care organisations do everything they can to meet their legal responsibilities and data security standards, as well as reporting any breaches to ensure lessons can be learned and improvements made.’
