DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

U.K.: Hospitals urged to improve data protection standards following incident at NHS Fife

Posted on November 28, 2023 by Dissent

From the Information Commissioner’s Office:

The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Fife, after an unauthorised person was able to enter a ward and access the personal information of 14 patients.

In February 2023, an unauthorised person gained access to a ward. Due to a lack of identification checks and formal processes, the non-staff member was handed a document containing personal information of 14 people and assisted with administering care to one patient.

The data was taken off site by the person and has not been recovered. While the hospital had CCTV installed, the wall socket with the CCTV had been accidentally turned off by a member of staff prior to the incident. The police have not been able to identify the person or recover the lost data, hindered by the lack of CCTV footage.

The ICO’s investigation concluded that NHS Fife did not have appropriate security measures for personal information, as well as low staff training rates. Following this incident, NHS Fife introduced new measures such as a system for documents containing patient data to be signed in and out, as well as updated identification processes.

Patient data is highly sensitive information that must be handled with the appropriate security. When accessing healthcare and other vital services, people need to trust that their data is secure and only available to authorised individuals.

Every healthcare organisation should look at this case as a lesson learned and consider their own policies when it comes to security checks and authorised access. We are pleased to see that NHS Fife has introduced new measures to prevent similar incidents from occurring in the future. – Natasha Longson, ICO Head of Investigations

Recommendations

The ICO recommended that NHS Fife could improve its data protection compliance by:

  • Improving the overall training rate, in line with current legislation. For example, refresher data protection training should be provided to all staff more frequently and underpinned by written guidance on security for employees The ICO has helpful resources on staff training.
  • Developing guidance or a policy in relation to formal ID verification.
  • Reviewing all policies available from their intranet, ensuring that they are all up-to-date and accurate, with archived versions clearly marked.
  • Revisiting the data breach reporting process and ensure relevant personal data breaches are reported within 72 hours.

The ICO has asked NHS Fife to provide an update of actions taken within six months of the reprimand being issued.

In light of this incident, all organisations should consider whether they have appropriate identification processes and training in place.

Related posts:

  • Data breaches put domestic abuse victims’ lives at risk, UK Information Commissioner warns
  • NHS Management, LLC issues updated statement about cyberattack in 2021
  • UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost
  • UK: ICO finds three councils in breach of Data Protection Act
Category: Health DataNon-U.S.

Post navigation

← International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war
North Texas Municipal Water District hit by ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.