ICO warns of surge in UK healthcare data breaches


Data breaches in Britain's healthcare sector have doubled compared with those reported in 2013, according to the Information Commissioner's Office (ICO).

Health organisations suffered 183 data leaks caused by human error between April and June 2014, up from 91 breaches reported to the data protection watchdog in the same period the previous year.

That 101 per cent increase left healthcare with the highest number of incidents of any sector, followed by local government and education organisations, the ICO said.

Central government also saw breaches grow by more than a third over the period.

But the private sector recorded a 143 per cent increase in breaches for businesses in general, a 200 per cent increase in incidents for the insurance industry and a 200 per cent rise for pension providers.

It follows news of a huge Sony Pictures data breach in which tens of thousands of employees' details are thought to have been leaked.

Telecoms suffered a 150 per cent increase in breaches, while incidents in recruitment shot up 300 per cent.

Encryption firm Egress Software submitted the Freedom of Information (FoI) request that saw the ICO release the data.

Egress CEO Tony Pepper said the rise in public and private sector data breaches is worrying.

"The upward trend in the number of data breaches throughout key areas of the public sector should be a cause for continued concern," he said. "These organisations are handling particularly sensitive information, with local government providing services direct to and on behalf of citizens, many of whom are vulnerable or at-risk.

"It is also interesting to note the increase in breaches within the private sector as well. While the data they hold is often of a commercially-sensitive nature, it will still include personal information about their clients.

"There should be a subsequent call to action within the private sector to address areas of concern and gaps in data protection, enhancing the services they provide to clients and their reputation within their markets."

The ICO has fined organisations a total of £6.7 million since 2010 for violations under the Data Protection Act, with the public sector responsible for £4.5 million of this.

Pepper said: "To date, the ICO has levied in excess of £6.7 million in fines. It is alarming to see that well over half of [the ICO's fines] is coming from the public sector alone.

"In particular, local government has contributed over one-third of this total. Not only are these organisations and bodies responsible for handling citizens' data, their malpractice is being paid for by the public pocket."

Brighton and Sussex University Hospitals NHS Trust has received the largest fine to date, at £325,000. This contributed to the £1.3 million total for the healthcare sector as a whole.

But fines could be set to increase next year, once the new EU data protection regulations are passed into law.

The new regulations stipulate that data breaches can be punished with a maximum fine of €100 million, or five per cent of a company's annual turnover.

Pepper added: "It has never been more key to prioritise best practice when it comes to handling confidential information. As a first step that would bring immediate benefits, organisations need to start implementing encryption technology to improve protection and control."