Five NHS bodies breach Data Protection Act

The ICO finds five NHS bodies recently breached the Data Protection Act, as the health service is called on to up its security game.

Security

The Information Commissioner's Office (ICO) has called on the NHS to do more to protect patient information, following a slew of breaches at the health service.

The ICO discovered five health organisations had breached the Data Protection Act, all of which had not taken "appropriate steps" to secure sensitive personal information."

Advertisement - Article continues below

Information commissioner Christopher Graham said the NHS needed to initiate a "culture change" if security was to be improved.

"Recent incidents such as the loss of laptops at NHS North Central London - which we are currently investigating - suggest that the security of data remains a systemic problem," Graham said.

"The policies and procedures may already be in place but the fact is that they are not being followed on the ground."

In one of the five breaches discovered by the ICO, Ipswich Hospital NHS Trust lost 29 patient records after a member of staff took them home to update a training log and then misplaced them.

In another, Dunelm Medical Practice in Durham sent discharge letters about two patients' routine operations to the wrong recipient, after an employee entered the fax number incorrectly.

The NHS has suffered numerous data breaches in the past, losing devices in public spaces such as a car park and a bus stop.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Reports last month indicated an NHS laptop containing 8.6 million medical records had gone missing.

"We fully support the information commissioner's call for improvement in local NHS practice in relation to preserving patient confidentiality," a Department of Health spokesperson said.

"There is absolutely no excuse for breaches leading to the loss of sensitive and personal data. Encrypting information held on portable devices such as laptops and memory sticks is just as important as avoiding public conversations about patients' details."

The NHS has signed a deal with Zscaler to implement at cloud security product within the health service, IT Pro revealed last week.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020