NHS trusts ‘misplace’ 10,000 patient records in major security breach

Red alert for NHS security standards as new research reveals major document losses across 68 health trust. Barry Scott CTO of cybersecurity firm Centrify warns stolen documents could be sold on the dark web

by News Reporter on 20 August 2018 13:45


The National Health Service (NHS) has lost almost 10,000 patient records in the last year, according to new research from leading tech think tank Parliament Street. The findings are disclosed in a new report entitled ‘NHS Data Security: Protecting Patient Records’ examines the amount of patient records that have been misplaced from NHS trusts in the last year. The report discovered that overall, 9,132 patient records from 68 hospitals had been reported missing or lost in the last financial year.

Researchers discovered that there were 3,179 records missing or stolen was the University Hospital Birmingham, followed closely by Bolton NHS trust at 2,163 records misplaced. The third largest was University Hospital Bristol with 1,105 records lost.

Barry Scott CTO EMEA, Centrify warned that document losses could lead to criminal activity.

He said: “These incidents underline the need to improve security procedures around the management of health records within the NHS. With sales of health records on the dark web and identity fraud on the rise, the need to protect the privacy of patients whilst moving towards secure digital systems is both urgent and essential.

Scott continued, “The health service remains a top target for hackers, and whether their motive is to wreak havoc or steal identities, it’s critical that every single patient record is treated as a high priority by Health trusts. Achieving this means ensuring only accredited doctors, nurses and staff can access private information, and providing encryption and identity access management solutions to keep cyber criminals locked out.”

Wigan and Leigh NHS Foundation Trust reported 426 lost or stolen documents despite using an electronic data base system and Royal Devon and Exeter NHS Foundation Trust reported 425 documents lost or stolen and stated they only used paper case notes.

The report also found that 94 per cent of NHS Trusts still use handwritten notes for patient record keeping, despite often having electronic record system software in place. The information was gathered though the Freedom of Information Act (FOI) to request data into lost or stolen patient records and the use of handwritten notes.

Key recommendations from the report state that NHS trusts should work to abolish handwritten notes in hospitals to prevent loss of personal documents and to introduce a patient identity protocol in order for patients to have up to date information on their medical records.

blog comments powered by Disqus