DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Former NHS secretary found guilty of illegally accessing medical records

Posted on November 18, 2023 by Dissent

A reminder of the insider threat:

A former NHS employee has been found guilty and fined for illegally accessing the medical records of over 150 people.

Loretta Alborghetti, from Redditch, worked as a medical secretary within the Ophthalmology department at Worcestershire Acute Hospitals NHS Trust when she illegally accessed the records.

In June 2019, a complaint was raised by a patient who was concerned that their medical records had been accessed by an employee.
An investigation revealed that Ms Alborghetti had accessed this individual’s records 33 times between March 2019 and June 2019, without consent or a business need to do so.

It further discovered that she had accessed a total of 156 patient records without consent or a business need, viewing them over 1800 times within the three-month period. This included the records of family members and individuals with postcodes local to where she lived at the time.

As part of her role as a medical secretary, Ms Alborghetti was required to access clinical and personal information of patients within the ophthalmology department. However, the individuals whose records were accessed had no medical conditions relating to ophthalmology.

Ms Alborghetti appeared before Worcester Magistrates’ Court on 15 November 2023. Following the investigation from the Information Commissioner’s Office, she pleaded guilty to unlawfully obtaining personal data in breach of Section 170 of the Data Protection Act 2018 and was ordered to pay a total of £648.

People should never have to think twice about whether their sensitive data, such as their medical records, is secure and in safe hands.

“We want to remind those in positions of trust that just because your job may grant you access to other people’s personal information, that doesn’t mean you have the legal right to look at it for your own purposes.

“This case shows that the ICO will take action when confidential personal records are accessed unlawfully. Curiosity is no excuse for breaching data protection laws.” – Andy Curry, ICO Head of Investigations

SOURCE:  Information Commissioner’s Office

And if you want a second reminder for this week: T-Mobile sued after employee stole nude images from customer phone during trade-in

 

Related posts:

  • NHS Management, LLC issues updated statement about cyberattack in 2021
Category: Health DataInsiderNon-U.S.

Post navigation

← Does claiming you were hacked when you had really just screwed up violate the FTC Act?
A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.