DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

U.K.: Hospitals urged to improve data protection standards following incident at NHS Fife

Posted on November 28, 2023 by Dissent

From the Information Commissioner’s Office:

The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Fife, after an unauthorised person was able to enter a ward and access the personal information of 14 patients.

In February 2023, an unauthorised person gained access to a ward. Due to a lack of identification checks and formal processes, the non-staff member was handed a document containing personal information of 14 people and assisted with administering care to one patient.

The data was taken off site by the person and has not been recovered. While the hospital had CCTV installed, the wall socket with the CCTV had been accidentally turned off by a member of staff prior to the incident. The police have not been able to identify the person or recover the lost data, hindered by the lack of CCTV footage.

The ICO’s investigation concluded that NHS Fife did not have appropriate security measures for personal information, as well as low staff training rates. Following this incident, NHS Fife introduced new measures such as a system for documents containing patient data to be signed in and out, as well as updated identification processes.

Patient data is highly sensitive information that must be handled with the appropriate security. When accessing healthcare and other vital services, people need to trust that their data is secure and only available to authorised individuals.

Every healthcare organisation should look at this case as a lesson learned and consider their own policies when it comes to security checks and authorised access. We are pleased to see that NHS Fife has introduced new measures to prevent similar incidents from occurring in the future. – Natasha Longson, ICO Head of Investigations

Recommendations

The ICO recommended that NHS Fife could improve its data protection compliance by:

  • Improving the overall training rate, in line with current legislation. For example, refresher data protection training should be provided to all staff more frequently and underpinned by written guidance on security for employees The ICO has helpful resources on staff training.
  • Developing guidance or a policy in relation to formal ID verification.
  • Reviewing all policies available from their intranet, ensuring that they are all up-to-date and accurate, with archived versions clearly marked.
  • Revisiting the data breach reporting process and ensure relevant personal data breaches are reported within 72 hours.

The ICO has asked NHS Fife to provide an update of actions taken within six months of the reprimand being issued.

In light of this incident, all organisations should consider whether they have appropriate identification processes and training in place.

Related posts:

  • Data breaches put domestic abuse victims’ lives at risk, UK Information Commissioner warns
  • NHS Management, LLC issues updated statement about cyberattack in 2021
  • UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost
  • UK: ICO finds three councils in breach of Data Protection Act
Category: Health DataNon-U.S.

Post navigation

← International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war
North Texas Municipal Water District hit by ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
  • One in Five Law Firms Hit by Cyberattacks Over Past 12 Months
  • U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
  • Senator Chides FBI for Weak Advice on Mobile Security
  • Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks
  • Kelly Benefits updates its 2024 data breach report: impacts 550,000 customers
  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people
  • Terrible tales of opsec oversights: How cybercrooks get themselves caught

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Kids are making deepfakes of each other, and laws aren’t keeping up
  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.