Five NHS bodies breach Data Protection Act

The ICO finds five NHS bodies recently breached the Data Protection Act, as the health service is called on to up its security game.

Security

The Information Commissioner's Office (ICO) has called on the NHS to do more to protect patient information, following a slew of breaches at the health service.

The ICO discovered five health organisations had breached the Data Protection Act, all of which had not taken "appropriate steps" to secure sensitive personal information."

Information commissioner Christopher Graham said the NHS needed to initiate a "culture change" if security was to be improved.

"Recent incidents such as the loss of laptops at NHS North Central London - which we are currently investigating - suggest that the security of data remains a systemic problem," Graham said.

"The policies and procedures may already be in place but the fact is that they are not being followed on the ground."

In one of the five breaches discovered by the ICO, Ipswich Hospital NHS Trust lost 29 patient records after a member of staff took them home to update a training log and then misplaced them.

In another, Dunelm Medical Practice in Durham sent discharge letters about two patients' routine operations to the wrong recipient, after an employee entered the fax number incorrectly.

The NHS has suffered numerous data breaches in the past, losing devices in public spaces such as a car park and a bus stop.

Reports last month indicated an NHS laptop containing 8.6 million medical records had gone missing.

"We fully support the information commissioner's call for improvement in local NHS practice in relation to preserving patient confidentiality," a Department of Health spokesperson said.

"There is absolutely no excuse for breaches leading to the loss of sensitive and personal data. Encrypting information held on portable devices such as laptops and memory sticks is just as important as avoiding public conversations about patients' details."

The NHS has signed a deal with Zscaler to implement at cloud security product within the health service, IT Pro revealed last week.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Digital Shadows’ context-based security alerts expand sensitive doc management
Security

Digital Shadows’ context-based security alerts expand sensitive doc management

23 Nov 2020
More than half of businesses saw rising fraud levels this year
Security

More than half of businesses saw rising fraud levels this year

23 Nov 2020
Manchester United resists ‘sophisticated’ cyber attack
Security

Manchester United resists ‘sophisticated’ cyber attack

23 Nov 2020
MPs targeted with nearly three million malicious emails per month
Security

MPs targeted with nearly three million malicious emails per month

23 Nov 2020

Most Popular

Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020