Hospitals and doctors’ surgeries host visits from large numbers of patients every day, and are treated as places of safety and refuge for those with health issues. Unfortunately, despite the fact that patient-doctor confidentiality is a principle at the heart of the medical profession, some hospitals and healthcare sector organisations are letting down the patients who trust them by failing to protect private data.
We constantly hear how much strain the NHS is under, but the lack of resources and staff is not often seen from the perspective of cybersecurity and data protection. In the wake of the coronavirus outbreak, NHS staff were put under even greater pressure to meet the demands of controlling the virus and, in some cases, data protection has been further neglected.
It is essential that healthcare organisations see data protection as a high priority, or they risk exposing patient data, as has already been the case in many previous healthcare data breaches. Whether it is a case of government funding or internal organisational issues, all healthcare organisations must step up and meet the challenge of the ongoing, and increasing, cybersecurity risks that they face.
The cost of failing to protect patient data
Medical data constitutes some of the most sensitive personal information, meaning that it is vital that hospitals and healthcare sector organisations take their data protection responsibilities seriously. Cybercriminals regard medical data as an incredibly valuable resource, equipping them to execute all kinds of profitable data misuse, whether it involves phone scams, phishing emails or holding data to ransom.
As an example of the sensitivity of patient data, the 56 Dean Street Clinic breach saw the exposure of hundreds of patients’ confidential HIV statuses. We are currently representing many of the affected victims for compensation claims.
The NHS cyberattack threat
Moreover, if we look at the issue of data protection from the perspective of healthcare organisations themselves, it is clear that they lose out in the long term when they fail to prepare for cyberattacks and prevent data breaches.
In some cases, hospitals and healthcare sector organisations pay out compensation to affected patients, but the operational cost can be even greater. In the wake of the WannaCry ransomware attack of 2017, the NHS was forced to cancel many appointments after systems were brought to a standstill. It was alleged that the attack cost the NHS £92m in total.
The WannaCry cyberattack later became the subject of controversy after it was revealed that cybersecurity recommendations had reportedly not been observed prior to the attack. Although the NHS is now said to be closing its cybersecurity skills gap by hiring more specialists, the health service may still have a long way to go to ensure that patient data is safe.
Holding hospitals and healthcare sector organisations to account
Where healthcare organisations have failed to observe data protection law, it is vital that they are held to account. No one can be excused because of a lack of staff and resources. If this is the problem, it must be tackled at the root by increased funding. From a purely financial perspective, investing in staff training and cybersecurity technology can help to prevent more losses in the long term.
As leading, specialist data breach lawyers, we are concerned about the impact of ongoing negligence on patients. We know just how distressing healthcare data breaches can be for those affected, which is why we want to help data breach victims to claim the compensation they deserve.
You can contact us today for free, no-obligation advice.