Regulator says stranger entered hospital, treated a patient, took a document ... then vanished
NHS Fife is on the wrong end of a stern ticking off from Britain's data regulator after it made a howling privacy error that aided an as-yet-unknown person who had entered a hospital ward only to walk off with data on 14 patients.
Due to a "lack of checks and formal processes", the unauthorized individual, who was not employed by the health service, was "handed" a document containing the personal data of 14 patients, and even helped administer care to one, the ICO investigation found.
The ICO told NHS Fife that its security measures were insufficient for personal data retention, and that low staff training rates hadn't helped.
The ICO says NHS Fife broke Article 5 of the UK GDPR. A newly installed system for documents and updated identification processes are among the fixes.
"Patient data is highly sensitive information that must be handled with the appropriate security. When accessing healthcare and other vital services, people need to trust that their data is secure and only available to authorised individuals."
The ICO has dished out reprimands to numerous public sector bodies in recent years, including to NHS Lanarkshire, where staff were swapping photos and patients' personal info via WhatsApp, and to Surrey Police and Sussex Police for using a calling app to record phone conversations and illegally retaining that data.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/01/nhs_health_board_ticked_off/