Warnings As Data Security Breach Hits NHS

Jay Decenella, IT audit expert
June 01, 2011 /

The National Health Service (NHS) in United Kingdom has warned almost 200 walk-in patients that a data security breach may have compromised their personal details.

The records of 189 patients could have been exposed to a third party after some patient details were “inappropriately accessed and their contact details passed to a third party” according to NHS findings.

The NHS has already apologized to patients for the data security breach, saying it was taking its “responsibilities in respecting the security and confidentiality of information” seriously, and assured appropriate actions have been taken.

Likewise, the Information Commissioner’s Office (ICO) said it has taken legal action against the alleged recipient whose identity was not disclosed.

The ICO issued a summon to the individual it is taking action against appear before a hearing at Bury Magistrates Court.

The data security breach was linked to an NHS nurse who was suspected of killing her own daughter. An investigation showed the confidential details were passed to personal injury solicitors.

On February 17, 2011, Dawn Makin, 33, was found unconscious beside the dead body of her four-year old daughter, Chloe, at their home in Lea Mount Drive, Bury in Greater Manchester, England.

The child was shown to have multiple stab wounds based on a post-mortem examination.

Makin remains in the hospital three months after the murder took place, making it hard for police investigators to proceed with their inquiries.

On February, ICO officials confirmed that Makin was under investigation for allegedly leaking the personal details to personal injury solicitors.

Makin was previously fired from Moorgate Primary Care walk-in center.

The ICO, however, did not take legal actions against Makin because the case was not considered to be of public interest.

The data security breach was found to have run for four months in 2010, thus the investigation by the ICO would focus on Prestwich or Moorgate Primary Care Centre visitors over this period.

John Boyington, NHS Bury’s managing director, said: “I would like to apologise to those patients whose records have been inappropriately accessed for any distress this incident may have caused.”

According to Boyington, the case relates to violations against section 55 of the Data Protection Act and to an unlawful access to the details of NHS patients.

On November 30 last year, the ICO raised concerns over the Google Analytics and Facebook plugins that were being connected to NHS Choices Web site.

The ICO sought to assure that third-parties have no access to the data of individuals consulting the NHS Choices site.

 

Share your opinion