British Healthcare Organization Fined £375,000 for Data Breach
| Topic : Security and Compliance
Several publicized data breaches last year resulted in significant financial damage for major companies, and healthcare organizations continue to fall victim to data loss.
Brighton and Sussex University Hospitals NHS Trust in Britain is facing a £375,000 fine after computer hard drives containing patient information were stolen last year and eventually placed on eBay. The trust is challenging the proposed fine, which would be the largest ever handed down by the Information Commissioner's Office for violation of the Data Protection Act.
"As soon as we were alerted to this, we informed the police and with their help we recovered all the hard drives stolen by this individual. We are confident that there is a very low risk of any of the data from them having passed into the public domain," Trust chief executive Duncan Selbie said in a statement. "We have subsequently received a notice from the ICO proposing a fine of £375,000 which we are, in the circumstances, challenging."
According to the United Kingdom Press Association, the hard drives included personal information on tens of thousands of patients and staff. The report said a suspect was arrested and bailed several times, but police officials decided to take no further action. The theft occurred when the trust subcontracted the destruction of the 232 hard drives, the source reported.
The data breach is one of several recent data loss incidents are British healthcare organizations. According to a BBC News report, a former Royal Liverpool University Hospital medical assistant was recently fined £500 after admitting to accessing the private medical records of her ex-husband's family. The ICO said obtaining other citizens' personal health records is a serious offense and can have a significant impact on the individuals involved.
A recent CompTIA report said that healthcare organizations will increasingly use cloud computing to secure electronic medical records (EHR), as insider data breaches have become common.