ICO warns of surge in UK healthcare data breaches

Healthcare data leaks double since 2013, finds watchdog

Data breaches in Britain's healthcare sector have doubled on those reported in 2013, according to the Information Commissioner's Office (ICO).

Health organisations suffered 183 data leaks caused by human error between April and June 2014, up from 91 breaches reported to the data protection watchdog in the same period the previous year.

The 101 per cent increase in healthcare cyber breaches represented the highest number of incidents, followed by local government and education organisations, the ICO said.

Central government also saw breaches grow by more than a third over the period.

But the private sector recorded a 143 per cent increase in breaches for businesses in general, a 200 per cent increase in incidents for the insurance industry and a 200 per cent rise for pension providers.

It follows news of a huge Sony Pictures data breach in which tens of thousands of employees' details are thought to have been leaked.

Telecoms suffered a 150 per cent increase in breaches, while incidents in recruitment shot up 300 per cent.

Encryption firm Egress Software submitted the Freedom of Information (FoI) request that saw the ICO release the data.

And CEO Tony Pepper said the rise in public and private sector data breaches is worrying.

"The upward trend in the number of data breaches throughout key areas of the public sector should be a cause for continued concern," he said. "These organisations are handling particularly sensitive information, with local government providing services direct to and on behalf of citizens, many of whom are vulnerable or at-risk.

"It is also interesting to note the increase in breaches within the private sector as well. While the data they hold is often of a commercially-sensitive nature, it will still include personal information about their clients.

"There should be a subsequent call to action within the private sector to address areas of concern and gaps in data protection, enhancing the services they provide to clients and their reputation within their markets."

The ICO has fined organisations a total of £6.7 million since 2010 for violations under the Data Protection Act, with the public sector responsible for £4.5 million of this.

Pepper said: "To date, the ICO has levied in excess of £6.7 million in fines. It is alarming to see that well over half of [the ICO's fines] is coming from the public sector alone.

"In particular, local government have contributed over one-third to this total. Not only are these organisations and bodies responsible for handling citizens' data, their malpractice is being paid for by the public pocket."

Brighton and Sussex University Hospitals NHS Trust has received the largest fine to date, at £325,000. This contributed to the £1.3 million total for the healthcare sector as a whole.

But levied fines could be set to increase next year after new EU Data Regulations are passed into law.

The new regulations stipulate that data breaches can be punished with a maximum fine of €100 million, or five per cent of a company's annual turnover.

Pepper added: "It has never been more key to prioritise best practice when it comes to handling confidential information. As a first step that would bring immediate benefits, organisations need to start implementing encryption technology to improve protection and control."
