Oswestry Orthopaedic Hospital has reported a data breach involving patients who were taking part in a study.
The hospital, based in Shropshire near the Welsh border, confirmed the data breach in a report to the Shropshire Clinical Commissioning Group’s governance board. The data breached has been described as confidential information, and an investigation is believed to have been initiated.
It’s understood that the data breach has been reported to the Information Commissioner’s Office (ICO).
The data breach at the Oswestry Orthopaedic Hospital is understood to involve a number of patients taking part in a long-standing study, whose data has reportedly been released without their permission. Little is known as to whether this medical data has been breached by way of an accidental leak, or whether it has been inadvertently disclosed without appropriate authority.
The report states that:
“The trust has reported a confidential information leak/information governance breach to the CCG. A full root cause investigation is in progress.”
It’s understood that they are taking “appropriate action” as well as the data breach being reported to the ICO, and victims of the breach will be contacted.
Another hospital data breach…
Unfortunately, medical data breaches are very common, and the healthcare sector leads the stats when it comes to the most data breaches. What makes this fact even worse is that hospital data is often very sensitive and very personal. It’s one thing to have your name and address disclosed, but to have your personal medical data disclosed can be another problem entirely.
We advise and represent a lot of hospital data breach victims, and the distress that can be caused to the victims can be huge.
A ‘vicious cycle’ of medical data breaches
We seem to be in somewhat of a ‘vicious cycle’ where the cause of medical data breaches can be pinned down, in many cases, to funding issues. A lack of funding in up-to-date systems and security can leave the healthcare sector vulnerable to attacks like the WannaCry hack we witnessed last year, where the malicious software was able to target older (and therefore more vulnerable) systems.
The damage this attack caused to the NHS was huge.
On top of that, in the absence of proper funding for systems and protocols to stop leaks and breaches happening internally, the constant issue of medical data breaches looks like it won’t be ending anytime soon.
A story to watch
We’ll be keeping a close eye on this data breach as further news develops, and although we do not know a great deal yet as to how many victims of the data breach there may be, nor do we know a lot about the nature of the medical data that has been disclosed, we may be able to assist anyone who has been notified that they are affected.
Please don’t hesitate to contact the team if you need to.