ICO warns of surge in UK healthcare data breaches

Healthcare data leaks double since 2013, finds watchdog

Data breaches in Britain's healthcare sector have doubled on those reported in 2013, according to the Information Commissioner's Office (ICO).

Health organisations suffered 183 data leaks caused by human error between April and June 2014, up from 91 breaches reported to the data protection watchdog in the same period the previous year.

The 101 per cent increase in healthcare cyber breaches represented the highest number of incidents, followed by local government and education organisations, the ICO said.

Central government also saw breaches grow by more than a third over the period.

But the private sector recorded a 143 per cent increase in breaches for businesses in general, a 200 per cent increase in incidents for the insurance industry and a 200 per cent rise for pension providers.

It follows news of a huge Sony Pictures data breach in which tens of thousands of employees' details are thought to have been leaked.

Telecoms suffered a 150 per cent increase in breaches, while incidents in recruitment shot up 300 per cent.

Encryption firm Egress Software submitted the Freedom of Information (FoI) request that saw the ICO release the data.

And CEO Tony Pepper said the rise in public and private sector data breaches is worrying.

"The upward trend in the number of data breaches throughout key areas of the public sector should be a cause for continued concern," he said. "These organisations are handling particularly sensitive information, with local government providing services direct to and on behalf of citizens, many of whom are vulnerable or at-risk.

"It is also interesting to note the increase in breaches within the private sector as well. While the data they hold is often of a commercially-sensitive nature, it will still include personal information about their clients.

"There should be a subsequent call to action within the private sector to address areas of concern and gaps in data protection, enhancing the services they provide to clients and their reputation within their markets."

The ICO has fined organisations a total of 6.7 million since 2010 for violations under the Data Protection Act, with the public sector responsible for 4.5 million of this.

Pepper said: "To date, the ICO has levied in excess of 6.7 million in fines. It is alarming to see that well over half of [the ICO's fines] is coming from the public sector alone.

"In particular, local government have contributed over one-third to this total. Not only are these organisations and bodies responsible for handling citizens' data, their malpractice is being paid for by the public pocket."

Brighton and Sussex University Hospitals NHS Trust has received the largest fine to date, at 325,000. This contributed to the 1.3 million total for the healthcare sector as a whole.

But levied fines could be set to increase next year after new EU Data Regulations are passed into law.

The new regulations stipulate that data breaches can be punished with a maximum fine of 100 million, or five per cent of a company's annual turnover.

Pepper added: "It has never been more key to prioritise best practice when it comes to handling confidential information. As a first step that would bring immediate benefits, organisations need to start implementing encryption technology to improve protection and control."
