Security News > 2023 > March > NHS Highland 'reprimanded' by data watchdog for BCC blunder with HIV patients

NHS Highland 'reprimanded' by data watchdog for BCC blunder with HIV patients
2023-03-31 09:35

In a classic email snafu NHS Highland sent messages to 37 patients infected with HIV and inadvertently used carbon copy instead of Blind Carbon Copy meaning the recipients could see each other's email addresses.

This is according to Britain's data watchdog, the Information Commissioner's Office, which has "Reprimanded" the Health Board, which serves a regional population of some 320,000 people and has an annual operating budget of £780 million.

The error took place in June 2019 when a member of staff opened the prior group email and copied all those on the list and emailed a newsletter to the the group of 37 "Data subjects" - aka patients - without using BCC. Efforts to recall the mail failed.

"The stakes are just too high. Research shows that people living with HIV have experienced stigma or discrimination due to their status, which means organizations dealing with this type of information should take the utmost care with their personal data."

"Every HIV service provider in this country should look at this case and see it as a crucial learning experience. We are calling on organizations to raise their data protection standards and put the appropriate measures in place to keep people safe," he said.

Also in late 2021, NHS Digital found itself in an embarrassing situation when it failed to hit BCC when sending invites to a NHS Digital's Full Digital Breakfast: Let's talk cyber event on four occasions.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/31/nhs_highland_reprimanded_by_data/