Tewksbury Hospital Admits Data Breach By Former Employee

A former employee stands accused of inappropriately accessing over a thousand patient records without authorisation.

It’s believed more than 1,100 patients may have had their medical records viewed without reason for a 14-year period.

Authorities were alerted to the data breach when a former patient raised concerns that their medical records may have been accessed inappropriately online. An internal review found that a hospital employee had indeed accessed the records “without a good reason” to do so. From there, it was found that the same employee had accessed a huge number of former and current patient medical records without authorisation or grounds to do so.

Department of Health Investigation

The relevant Department of Health have been conducting an investigation over the multiple data breaches spanning from 2003 to May 2017. The unnamed employee obtained access to a range of personal and sensitive information, including:

Names
Addresses
Phone numbers
Dates of birth
Gender
Diagnoses
Medical treatment

It’s also believed that, for some patients, Social Security Numbers may have also been compromised.

Why were the records accessed?

No information has been offered as to the employee’s intentions for accessing the patient records.

So far, there has also been no confirmation that the information has been copied and shared anywhere else.

Officials are aware that, with the wealth of information compromised, people could be at serious risk. With social security numbers, the employee could easily steal someone’s identity, or sell the information on to malicious organisations as well.

No evidence of information being misused

Officials do not believe the information has been misused. The culprit has reportedly been dismissed and no longer has access to patient records.

The hospital in question has taken action to implement further security measures to ensure patient records and personal information have greater protection from unauthorised internal and external access.

How has this happened for 14-years?

It’s simply shocking that this kind of data breach could be allowed to happen for 14-years. Tewksbury hospital may also be taking steps to review and implement security protocols to ensure across-the-board compliance, alongside with appropriate monitoring to ensure everyone follows data protection rules.

The Department of Health and Human Services has offered individuals some helpful advice if they suspect misuse of personal data:

Notify authorities of the loss of personal data and request for an initial fraud alert to be placed on your bank account for 3 months
Order a credit report and check it for any sighs of suspicious activity
Request a security freeze (though this may impact the individual’s own access to their accounts).

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.