NHS Tops ICO List For Most Data Breaches

The NHS has been responsible for almost a third of all recorded data breaches in the United Kingdom for the last three years.

So says the Information Commissioner’s Office (ICO), which published a list of the 1,000 data breaches since 2007. It found that the NHS was responsible for 305 of the 1,007 reported breaches.

The private sector is a bit more responsible with data security, it seems, with 288 breaches recorded from individual companies. Meanwhile 132 breaches were recorded from local government bodies and 18 from central government.

Only last month an NHS worker in the secure mental health unit of a Scottish hospital was suspended, after he lost a USB stick containing patients’ medical records. According to local media reports, the USB stick contained unencrypted sensitive information – including the criminal histories of some violent patients at the Tryst Park unit at Bellsdyke psychiatric hospital. The stick was later found by a 12-year-old boy in the car park of an Asda supermarket in nearby Stenhousemuir.

Tough Penalties

UK companies have already been warned by the ICO to tighten up their security systems. The ICO now has the power to issue large fines for any serious data breaches, and companies that fall foul of the data breach laws now risk a maximum fine of £500,000. And if that was not enough, the ICO has recently said that it is pushing for prison sentences to be introduced for professional data thieves.

Meanwhile, the latest figures from the ICO also provided an insight into the exact nature of the breaches in the NHS. Of the NHS’s 305 breaches, 116 data breaches were caused by stolen data and hardware. A further 87 were caused by lost data and hardware.

Human Error

The NHS was also not helped by the fact that 43 breaches were due to data being disclosed in error. The ICO also said that 17 NHS breaches came from information that was lost in transit, 17 from technical/procedural failure, 13 from non-secure disposal, and 12 from ‘other’ causes.

“We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us,” said David Smith, Deputy Commissioner of the ICO. “Extra vigilance is required so that people’s personal information does not end up in the wrong hands.

“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it,” he added.

The ICO has published a Guide to Data Protection which offers advice and tips for organisations to help them secure their data and prevent wrongful disclosure. This includes checking who you are disclosing personal information to, checking that they are genuine and entitled to the personal details that they are asking for, etc.

Other advice centres around correct email protocols that should be followed, as well as physical tasks such as checking that only the name and address can be seen through an envelope window, and that screens in open areas or by windows cannot be viewed by members of the public.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
