The Poole Hospital data breach stemmed from patient data being exposed through a stolen bag.
It’s understood that the stolen bag, which contained patient data, had been discarded and hidden in the hospital. Data of this kind is always private and very sensitive. This is yet another simple data breach stemming from an entirely avoidable incident, and it doesn’t help the already problematic situation of healthcare sector data breaches.
Patients affected by the Poole Hospital data breach have been informed of the incident.
Poole Hospital data breach apology
An apology from the Trust in question has been issued in light of the Poole Hospital data breach. The Poole Hospital NHS Foundation Trust has reportedly said that they consider “any information breach as a very serious matter”.
This appears to be yet another case of patient data simply not being properly looked after by staff. Medical data is private and often very sensitive, and there’s a very good reason why medical records are treated with such high confidentiality.
For a bag containing patient data to be stolen means the data simply hadn’t been properly looked after to ensure it was secure in the first place.
Will we see a GDPR fine for the Poole Hospital data breach?
There may be a GDPR fine over the Poole Hospital data breach for two reasons: firstly, the incident was entirely preventable, and secondly, it reportedly took place at the end of June, which is after the GDPR legislation came into force.
GDPR fines can run into the millions, and it’s expected that the Information Commissioner’s Office (ICO) will judge the level of a fine based on factors such as the volume of people affected by a data breach, the nature of the data breached, the level of data exposure, and the preventability of an incident.
The ICO has been informed about the Poole Hospital data breach, and we’ll be keeping an eye on developments in terms of punishments issued.