A massive NHS data breach affecting 150,000 people in England was reportedly caused by a simple coding error with GP software.
The SystmOne application used by GPs reportedly failed to record patient objections to their data being shared for purposes other than their own help and care. This meant that those who had specifically opted out of health data sharing had their health data shared without their consent, because the objections were not passed over to NHS England’s IT provider.
One simple software issue leads to a massive NHS data breach…
Massive NHS data breach was avoidable
This massive NHS data breach was totally avoidable given that the cause was a simple coding error. We would expect tests to be run and systems to be monitored when code changes are implemented – a basic protocol that we ourselves follow when we make changes to our software – yet this error went unnoticed.
NHS Digital is reportedly going to write to the 150,000 patients affected by this massive NHS data breach, and it’s understood that the Information Commissioner’s Office (ICO) has been informed about the breach.
Will the NHS face a GDPR fine as a result of this breach? If so, it could prove incredibly costly for the taxpayer…
Not the first incident of its kind
This massive NHS data breach is not the first incident of its kind. In fact, the news comes just weeks after another NHS coding error was blamed for hundreds of thousands of patients not receiving potentially life-saving invitations for breast screening.
These coding errors are clearly leaving patients vulnerable to risks, and although the growing use of technology in the NHS can be incredibly useful, the NHS must ensure it avoids errors like these, which can cause actual physical harm to patients.
Unreserved apologies have been offered in the aftermath of this massive NHS data breach, but for the victims whose data has been shared without their consent – in fact, shared completely against their specific wishes – the damage has already been done.