The NHS has been responsible for almost a third of all recorded data breaches in the United Kingdom for the last three years.
So says the Information Commissioner’s Office (ICO), which has published a list of the 1,000 data breaches recorded since 2007. It found that the NHS was responsible for 305 of the 1,007 reported breaches.
The private sector is a bit more responsible with data security, it seems, with 288 breaches recorded from individual companies. Meanwhile 132 breaches were recorded from local government bodies and 18 from central government.
Only last month an NHS worker in the secure mental health unit of a Scottish hospital was suspended, after he lost a USB stick containing patients’ medical records. According to local media reports, the USB stick contained unencrypted sensitive information – including the criminal histories of some violent patients at the Tryst Park unit at Bellsdyke psychiatric hospital. The stick was later found by a 12-year-old boy in the car park of an Asda supermarket in nearby Stenhousemuir.
UK companies have already been warned by the ICO to tighten up their security systems. The ICO now has the power to issue large fines for serious data breaches, and companies that fall foul of the data breach laws now risk a maximum fine of £500,000. And if that were not enough, the ICO has recently said that it is pushing for prison sentences to be introduced for professional data thieves.
The NHS was also not helped by the fact that 43 breaches were due to data being disclosed in error. The ICO also said that 17 NHS breaches came from information that was lost in transit, 17 from technical/procedural failure, 13 from non-secure disposal, and 12 from ‘other’ causes.
“We all know that mistakes can happen, but the fact is that human error is behind a high proportion of security breaches that have been reported to us,” said David Smith, Deputy Commissioner of the ICO. “Extra vigilance is required so that people’s personal information does not end up in the wrong hands.
“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it,” he added.
The ICO has published a Guide to Data Protection which offers advice and tips for organisations to help them secure their data and prevent wrongful disclosure. Among other steps, this includes checking who you are disclosing personal information to, and checking that they are genuine and entitled to the personal details they are asking for.
Other advice centres around correct email protocols that should be followed, as well as physical tasks such as checking that only the name and address can be seen through an envelope window, and that screens in open areas or by windows cannot be viewed by members of the public.