A recent postbox theft at a GP surgery in Norwich has demonstrated the sometimes unexpected forms that data crime can come in. In late May, Hellesdon Medical Practice is understood to have informed its patients that a postbox had been stolen by an unknown person, causing a severe data breach due to the private correspondence it contained.
Data security incidents like this may be relatively small in scale compared to the huge cyberattacks affecting large companies in the digital age, but they still have the potential to severely impact the victims. The Hellesdon Medical Practice data breach also raises questions about how we can ensure the security of documents sent in the post, particularly when we don’t have the benefit of firewalls and encryption, as we often do in digital data transfer.
Any data exposure incidents involving physical records should be treated with the seriousness they deserve, as they can still constitute a breach of data protection law. Where a third-party data controller fails to effectively protect your information, you could be eligible to claim compensation for the harm caused.
Incident at Hellesdon Medical Practice – what happened?
Hellesdon Medical Practice was reportedly targeted by a thief between 11th and 12th May, when the surgery’s postbox was stolen. The postbox reportedly contained correspondence that included patients’ repeat prescription forms to be sent to local pharmacies. Although the practice has reassured those affected that the offender would not be able to access their medical records through the prescription form, it is possible that some of the stolen documents detailed patients’ names and addresses, so the theft could constitute a severe breach of their privacy and a security risk.
Staff at Hellesdon Medical Practice are said to believe that incident may have been carried out by someone trying to access medication to feed an addiction. For this reason, the relevant pharmacies have been told to take precautions when patients call in to pick up prescriptions.
The police are said to be looking into the incident, and the Information Commissioner’s Office (ICO) was also contacted in the wake of the incident.
Security concerns when posting private data
The incident at Hellesdon Medical Practice calls into question the security of their postal methods being used for data transfer. The practice manager has stated that CCTV will now be installed to monitor the postbox and the exterior of the practice, which shows that this security measure could perhaps have been taken before now.
Another potential security recommendation is that such sensitive information should not be left in a postbox overnight, when there is no one there to watch out for break-ins. We anticipate that the ICO may make recommendations of this kind upon the conclusion of their investigation. There is also the question about how secure the box was in the first place.
Data breach compensation claims
At Your Lawyers – as leading specialist Data Leak Lawyers – we know that any leakage of confidential information can be concerning for the victims, no matter how small-scale the incident may be. Where a third party has compromised your data security, you may be eligible for a compensation claim
We can even offer No Win, No Fee representation to eligible claimants, so contact us for free, no-obligation advice on your case today.