NHS data breach exposed sensitive health data of 150,000 patients

LONDON, UK – MAY 17TH 2017: The homepage of the official website for the National Health Service in England, on 17th May 2017.

The National Health Service (NHS) in the United Kingdom has suffered a data breach in which sensitive health-related data of over 150,000 patients have been exposed.

The data breach took place due to a coding error in the software used by GPs, TPP’s SystmOne and affected patients who did not opt-in to share their data that NHS had collected from across the health and care service for purposes other than the individuals care.

According to a statement from Health minister Jacqueline Doyle-Price, “An error occurred when 150,000 Type 2 objections set between March 2015 and June 2018, in GP practices running TPP’s system were not sent to NHS Digital,” said Health minister Jacqueline Doyle-Price. “This means that data for these patients has been used in clinical audit and research that helps drive improvements in outcomes for patients.”

Dr. John Parry, clinical director at TPP said in a statement that “In light of this, TPP apologizes unreservedly for its role in this issue.”

The Information Commissioner’s Office (ICO) has been notified and an investigation is underway. However, this is not the first time when NHS is making headlines for all the wrong reasons. Previously, its cyberinfrastructure was also infected with the infamous and nasty WannaCry ransomware.

Luke Brown, VP EMEA at WinMagic commented on the issue and said that “This latest incident demonstrates the varying nature of data breaches. Although this particular event wasn’t malicious, the outcome is still the same. Sensitive data that was meant to be kept private was shared with recipients that had no business to have it.”

“Like many organizations, the NHS’s IT infrastructure is vast and unwieldy, so it needs to deploy a single encryption platform that can deal with an array of individual devices and operating systems. What this means in practice is that as data moves from one platform or infrastructure to another it’s covered by one ‘all-inclusive’ encryption solution – and not less effective disparate native encryption tools,” Brown explained.

“The NHS is committed to delivering patient-centered care. Unfortunately, in today’s world, that means caring for our data, as well as our health – both of which are extremely difficult things to deliver.”

Image credit: Depositphotos

Related Posts