ICO hits NHS trust with record £325,000 fine

Data protection watchdog hits Brighton and Sussex University Hospitals Trust with penalty following staff and patient data breach.

broken hard disk

The Information Commissioner's Office (ICO) has issued its largest ever fine against a NHS trust that disclosed personal details about thousands of staff and patients.

The Brighton and Sussex University Hospitals NHS Trust has been hit with a 325,000 penalty, the largest the ICO has ever issued, after the details were discovered on hard drives sold via an internet auction site in 2010.

NHS patients rely on the service to keep their sensitive personal details secure.

The ICO said the hard drives contained information about patients' medical conditions and treatments, disability living allowance forms and children's reports.

They also contained staff National Insurance numbers, home addresses, criminal convictions and suspected offences.

The storage devices were in a batch of 1,000 disk drives that had been earmarked for destruction and had been stored in a room at Brighton General Hospital that was only accessible using a key code.

However, a data recovery company then purchased them online, along with two other drives, in December 2010.

"The ICO was assured in our initial investigation that only four hard drives were affected, [but] a university contacted us in April 2011 to advise that one of their students had purchased drives via an internet auction site," said the ICO in a press statement.

"An examination of the drives established that they contained data which belonged to the Trust."

It is thought that at least 252 of the 1,000 drives were removed from the room without permission, and the ICO claims the Trust has been unable to provide an explanation.

That being said, the ICO statement suggests a member of staff working for a third party IT supplier may have been involved.

David Smith, the ICO's deputy commissioner and director of data protection, said the size of the fine reflects the "gravity and scale" of the breach.

"Patients of the NHS, in particular, rely on the service to keep their sensitive personal details secure. In this case, the Trust failed significantly in its duty to its patients, and also to its staff," said Smith.

At the time of writing, IT Pro was awaiting a comment from the Trust about the data breach.

Nick Banks, vice president of EMEA and APAC at Imation Mobile Security, said the situation could have been easily avoided.

"Had these drives been encrypted and managed, the drives would have been disabled and the data kept secure, so the trust could have avoided a massive financial penalty, distress to patients and very serious damage to its reputation," said Banks.

"Instead it will have to find room in its budget to pay a 325,000 fine, money which will come from the public purse."

Featured Resources

The ultimate guide to business connectivity in field services

A roadmap to increased workplace efficiency

Free download

The definitive guide to migrating to the cloud

Migrate apps to the public cloud with multi-cloud infrastructure solutions

Free download

Transform your network with advanced load balancing from VMware

How to modernise load balancing to enable digital transformation

Free download

How to secure workloads in hybrid clouds

Cloud workload protection

Free download

Recommended

Indiana notifies 750,000 after COVID-19 tracing data accessed
data breaches

Indiana notifies 750,000 after COVID-19 tracing data accessed

18 Aug 2021
Pearson fined $1 million for downplaying severity of 2018 breach
data breaches

Pearson fined $1 million for downplaying severity of 2018 breach

17 Aug 2021
“Great resignation” sparks concern over insider data leaks
data protection

“Great resignation” sparks concern over insider data leaks

13 Aug 2021
Data breach exposes millions of seniors' data
big data

Data breach exposes millions of seniors' data

9 Aug 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021