NHS Highland patients have been involved in a serious medical data breach. The health board has admitted that the details of 284 patients were sent to 31 people. The data breached includes patients’ contact details, their date of birth and name of their clinic. According to NHS Highland, no other medical information was compromised.
Following the medical data breach, the health board has reported the incident to the Information Commissioner’s Office and has launched an investigation into the privacy violation. Pam Dudek, NHS Highland’s chief executive, said the health board had contacted the patients involved in the data breach to “apologise unreservedly”.
Medical data breaches can be traumatic
The health and medical sector handles some of our most sensitive and confidential information. And, as patients, we expect this data to be looked after carefully. But the UK health sector accounts for nearly half of all data breaches. Moreover, as our health and social care system becomes increasingly digital, there are concerns that the robust protections required are simply not in place.
High-profile medical data breaches
Unfortunately, the NHS Highland data breach is not the only high-profile medical data breach that has happened in 2020.
On 14 September 2020, Public Health Wales (PHW) admitted to a significant data breach. In a statement, PHW said the violation involved the personally identifiable data of Welsh residents who had tested positive for COVID-19. And in July 2020, hackers targeted the British Dental Association’s (BDA) systems.
In another serious medical data breach, on 14 March 2020, the Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR), a company which performs early clinical trials of drugs and vaccines.
HMR did not pay the ransom. Malcolm Boyce, managing and clinical director and doctor at HMR said: “We have no intention of paying. I would rather go out of business than pay a ransom to these people”. In response to this refusal, the cyber gangsters published the personal and medical details of more than 2,300 former volunteer patients online.
At Keller Lenkner UK, we are representing several clients who are seeking compensation from HMR for the breach of their private information. According to HMR, the published records were from some volunteers with surnames beginning with D, G, I or J. However, HMR admits that criminals might still have your data, even if your records were not among those published. If you are worried that your information has been exposed, you can check with HMR at DataProtection@hmrlondon.com.
Making a data breach claim
Our healthcare sector does a fantastic job, often under incredibly challenging circumstances. But data privacy is often being treated as an afterthought. No one wants to sue the NHS, but sometimes making a claim is the only way to force improvements in patient security. It is also worth mentioning that the NHS is insured against compensation claims.
IF YOU HAVE BEEN A VICTIM OF A MEDICAL DATA BREACH – WE CAN HELP YOU MAKE A NO-WIN, NO-FEE CLAIM FOR COMPENSATION.