Five NHS bodies breach Data Protection Act

The ICO finds five NHS bodies recently breached the Data Protection Act, as the health service is called on to up its security game.


The Information Commissioner's Office (ICO) has called on the NHS to do more to protect patient information, following a slew of breaches at the health service.

The ICO discovered five health organisations had breached the Data Protection Act, all of which had not taken "appropriate steps" to secure sensitive personal information."

Information commissioner Christopher Graham said the NHS needed to initiate a "culture change" if security was to be improved.

"Recent incidents such as the loss of laptops at NHS North Central London - which we are currently investigating - suggest that the security of data remains a systemic problem," Graham said.

Advertisement - Article continues below
Advertisement - Article continues below

"The policies and procedures may already be in place but the fact is that they are not being followed on the ground."

In one of the five breaches discovered by the ICO, Ipswich Hospital NHS Trust lost 29 patient records after a member of staff took them home to update a training log and then misplaced them.

In another, Dunelm Medical Practice in Durham sent discharge letters about two patients' routine operations to the wrong recipient, after an employee entered the fax number incorrectly.

The NHS has suffered numerous data breaches in the past, losing devices in public spaces such as a car park and a bus stop.

Reports last month indicated an NHS laptop containing 8.6 million medical records had gone missing.

"We fully support the information commissioner's call for improvement in local NHS practice in relation to preserving patient confidentiality," a Department of Health spokesperson said.

Advertisement - Article continues below

"There is absolutely no excuse for breaches leading to the loss of sensitive and personal data. Encrypting information held on portable devices such as laptops and memory sticks is just as important as avoiding public conversations about patients' details."

The NHS has signed a deal with Zscaler to implement at cloud security product within the health service, IT Pro revealed last week.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now



Health Secretary bans pagers from NHS hospitals

25 Feb 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

5 Sep 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020