Belfast Health Trust Gets £225,000 Data Breach Fine

Belfast Health and Social Care (BHSC) Trust has been slapped with a £225,000 fine after a data breach saw data on thousands of patients and staff posted online.

The breach happened when trespassers gained access to the Belvoir Park Hospital owned by BHSC Trust and took photos of patient records before posting them on the Internet.

Belvoir Park was one of many sites the BHSC Trust was tasked with managing after it was formed by the merging of six local Trusts in April 2007.

ICO steps in

An investigation by the Information Commissioner’s Office (ICO) found the Trust had not kept the information secure and should have destroyed much of the medical data it no longer required from the site.

“The severity of this penalty reflects the fact that this case involved the confidential and sensitive personal data of thousands of patients and staff being compromised,” said the ICO’s assistant commissioner for Northern Ireland Ken Macdonald.

“The Trust failed to take appropriate action to keep the information secure, leaving sensitive information at a hospital site that was clearly no longer fit for purpose. The people involved would also have suffered additional distress as a result of the posting of this data on the Internet.

“The Trust has therefore failed significantly in its duty to its patients and we hope that the action we’ve taken sets an example for all organisations that they must keep personal data secure, irrespective of where they choose to store it.”

The Belfast Trust accepted the fine, which it said would not harm patient care.

“Today Belfast Trust accepted the fine by the Information Commissioners
Office for a serious breach of data storage. The records concerned are historical and do not concern any current patients,” an emailed statement from the Trust read.

“This in no way excuses the distress this may have caused, something we apologise for. The fine will be paid from efficiency savings and will not affect patient care.”

A number of NHS bodies haven’t been as accepting of ICO fines. The Central London Community Healthcare (CLCH) NHS said in May it was going to appeal a £90,000 fine, whilst  the Brighton and Sussex University Hospitals NHS Trust is going to court to fight a £325,000 penalty.

Are you a security pro? Try our quiz!