NHS data breach reveals almost 10,000 patient records – are you affected?
The NHS was involved in a data breach that saw nearly 10,000 documents either stolen or missing from 68 hospitals last year. The breach, chronicled in a new research report by leading think tank Parliament Street, comprises 9,132 cases of stolen or missing documents.
The worst offender was University Hospital Birmingham, which accounted for 3,179 of the missing documents. Next up was Bolton NHS Trust, which saw 2,163 documents gone awry. University Hospital Bristol came in third, with 1,105 records gone.
READ NEXT: Can technology save the NHS?
As for why data breaches happen on this scale, commentators point towards outdated – and insecure – methods of documentation, such as handwritten notes. Rather than ensconce patient data on encrypted platforms, the NHS often opts to use cheaper and more vulnerable means of recording; 94% of NHS Trusts still use handwritten notes for patient record keeping.
However, data losses were not confined solely to tangible handwritten records. For example, while the Royal Devon and Exeter NHS Foundation Trust, which only uses paper case notes, revealed 425 of its records had been lost or stolen, Wigan and Leigh NHS Foundation Trust topped this number (albeit by one solitary case), despite only using an electronic database system.
READ NEXT: NHS loses laptop holding 8m patient records
Barry Scott, CTO of “Identity and Access Management Solutions” firm Centrify, commented on the breach, saying, “These incidents underline the need to improve security procedures around the management of health records within the NHS. With sales of health records on the dark web and identity fraud on the rise, the need to protect the privacy of patients whilst moving towards secure digital systems is both urgent and essential.”
“The health service remains a top target for hackers, and whether their motive is to wreak havoc or steal identities, it’s critical that every single patient record is treated as a high priority by Health trusts. Achieving this means ensuring only accredited doctors, nurses and staff can access private information, and providing encryption and identity access management solutions to keep cyber criminals locked out.”
The information in question was collated via the Freedom of Information Act (FOI) to request data pertaining to lost and/or stolen patient records.
This isn’t the first time the NHS has been in hot water due to its lax handling of data; back in 2011, the health service saw a laptop packed with 8.6 million medical records stolen from a North London storeroom. However, the latter incident was a one-off, while the current breach appears to be ongoing.
Thank goodness, then, for the £500 million investment the NHS will receive for a “digital transformation”. The overhaul is designed to inject more tech into the system, with a view to saving time and money, as well as improving patient safety and outcomes. While the exact nature of the technology that’s being rolled out isn’t yet known, we’d be shocked if it didn’t entail shoring up precarious databases. Watch this space.