ICO warns of surge in UK healthcare data breaches

Healthcare data leaks double since 2013, finds watchdog


Data breaches in Britain's healthcare sector have doubled on those reported in 2013, according to the Information Commissioner's Office (ICO).

Health organisations suffered 183 data leaks caused by human error between April and June 2014, up from 91 breaches reported to the data protection watchdog in the same period the previous year.


The 101 per cent increase in healthcare cyber breaches represented the highest number of incidents, followed by local government and education organisations, the ICO said.

Central government also saw breaches grow by more than a third over the period.

But the private sector recorded a 143 per cent increase in breaches for businesses in general, a 200 per cent increase in incidents for the insurance industry and a 200 per cent rise for pension providers.

It follows news of a huge Sony Pictures data breach in which tens of thousands of employees' details are thought to have been leaked.

Telecoms suffered a 150 per cent increase in breaches, while incidents in recruitment shot up 300 per cent.

Encryption firm Egress Software submitted the Freedom of Information (FoI) request that saw the ICO release the data.

And CEO Tony Pepper said the rise in public and private sector data breaches is worrying.


"The upward trend in the number of data breaches throughout key areas of the public sector should be a cause for continued concern," he said. "These organisations are handling particularly sensitive information, with local government providing services direct to and on behalf of citizens, many of whom are vulnerable or at-risk.

"It is also interesting to note the increase in breaches within the private sector as well. While the data they hold is often of a commercially-sensitive nature, it will still include personal information about their clients.

"There should be a subsequent call to action within the private sector to address areas of concern and gaps in data protection, enhancing the services they provide to clients and their reputation within their markets."

The ICO has fined organisations a total of £6.7 million since 2010 for violations under the Data Protection Act, with the public sector responsible for £4.5 million of this.


Pepper said: "To date, the ICO has levied in excess of £6.7 million in fines. It is alarming to see that well over half of [the ICO's fines] is coming from the public sector alone.

"In particular, local government have contributed over one-third to this total. Not only are these organisations and bodies responsible for handling citizens' data, their malpractice is being paid for by the public pocket."

Brighton and Sussex University Hospitals NHS Trust has received the largest fine to date, at £325,000. This contributed to the £1.3 million total for the healthcare sector as a whole.

But levied fines could be set to increase next year after new EU Data Regulations are passed into law.

The new regulations stipulate that data breaches can be punished with a maximum fine of 100 million, or five per cent of a company's annual turnover.

Pepper added: "It has never been more key to prioritise best practice when it comes to handling confidential information. As a first step that would bring immediate benefits, organisations need to start implementing encryption technology to improve protection and control."
