IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

ICO hits NHS trust with record £325,000 fine

Data protection watchdog hits Brighton and Sussex University Hospitals Trust with penalty following staff and patient data breach.

broken hard disk

The Information Commissioner's Office (ICO) has issued its largest ever fine against a NHS trust that disclosed personal details about thousands of staff and patients.

The Brighton and Sussex University Hospitals NHS Trust has been hit with a 325,000 penalty, the largest the ICO has ever issued, after the details were discovered on hard drives sold via an internet auction site in 2010.

NHS patients rely on the service to keep their sensitive personal details secure.

The ICO said the hard drives contained information about patients' medical conditions and treatments, disability living allowance forms and children's reports.

They also contained staff National Insurance numbers, home addresses, criminal convictions and suspected offences.

The storage devices were in a batch of 1,000 disk drives that had been earmarked for destruction and had been stored in a room at Brighton General Hospital that was only accessible using a key code.

However, a data recovery company then purchased them online, along with two other drives, in December 2010.

"The ICO was assured in our initial investigation that only four hard drives were affected, [but] a university contacted us in April 2011 to advise that one of their students had purchased drives via an internet auction site," said the ICO in a press statement.

"An examination of the drives established that they contained data which belonged to the Trust."

It is thought that at least 252 of the 1,000 drives were removed from the room without permission, and the ICO claims the Trust has been unable to provide an explanation.

That being said, the ICO statement suggests a member of staff working for a third party IT supplier may have been involved.

David Smith, the ICO's deputy commissioner and director of data protection, said the size of the fine reflects the "gravity and scale" of the breach.

"Patients of the NHS, in particular, rely on the service to keep their sensitive personal details secure. In this case, the Trust failed significantly in its duty to its patients, and also to its staff," said Smith.

At the time of writing, IT Pro was awaiting a comment from the Trust about the data breach.

Nick Banks, vice president of EMEA and APAC at Imation Mobile Security, said the situation could have been easily avoided.

"Had these drives been encrypted and managed, the drives would have been disabled and the data kept secure, so the trust could have avoided a massive financial penalty, distress to patients and very serious damage to its reputation," said Banks.

"Instead it will have to find room in its budget to pay a 325,000 fine, money which will come from the public purse."

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Ten ways to protect your company from the next big data breach
data breaches

Ten ways to protect your company from the next big data breach

18 Feb 2022
MoJ faces £17.5m GDPR fine over subject access request backlog
data protection

MoJ faces £17.5m GDPR fine over subject access request backlog

20 Jan 2022
Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Cabinet Office fined £500,000 for New Year Honours data leak
data breaches

Cabinet Office fined £500,000 for New Year Honours data leak

3 Dec 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022