, ,

Woman has her medical records unlawfully accessed by her ex

As our health and social care system becomes digital, it is vital that there are adequate and robust protections in place to secure the data held within it. And that healthcare staff have the knowledge and ability to handle such information securely.

In a recent case, we saw the impact of what can happen when an employee accessed the medical records of his ex to get hold of her personal information.

What happened in this case?

In this case, our client was informed by a mutual friend that her ex-partner had unlawfully accessed her medical records. He could do this because a local NHS Trust employed him.

Our client complained to the Trust, and it admitted the data breach.

The breach revealed our client’s home address and contact details to her ex-partner. He was also able to establish every occasion that our client had received or been discharged from services provided by the NHS Trust.

As a direct result of this data breach, our client suffered significant stress and anxiety due to the fact that the information was distributed amongst numerous other people.

Turning to Hayes Connor Solicitors for help we were able to secure damages of £3,500.  In response, our client has provided some lovely feedback describing her experience with Hayes Connor solicitor James Kelliher:

 “Would like to say the service I experienced was 110% all the way through thanks to James. I’m glad I found his service on the internet and rang ASAP for help with my data breach claim. If anyone has any doubts or worries about data breach then James is the one to help you. I appreciate what he’s done for me so very much. Fast and very friendly service and can’t speak more highly of him. Once again thank you James.”

Lessons learned

The healthcare sector handles some of our most sensitive personal data, and, as patients, we have the right to expect this will be looked after. However, all too often this isn’t the case.

Hospitals and other healthcare organisations need to do more to protect sensitive patient data. It is vital that there are adequate and robust protections in place to secure patient information and to ensure that it is only accessed by those people who need it to ensure the provision of medical care and support.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

 

notjusthackers
, , ,

NHS family member shared confidential medical information

When it comes to medical data breaches, in most cases, it is human error rather than cybercrime that leads to information falling into the wrong hands. But what happens when someone deliberately accesses and shares your private and sensitive medical records?

In a recent case, our solicitors saw the impact of what can happen when sensitive medical information was revealed by a family member working for the NHS.

What happened in this case?

In this data breach, the sister-in-law of our client (who was a NHS staff member), accessed the NHS system and then shared personal details about our client with the rest of her family. This included specific information about our client’s baby.

As a direct result of this violation, our client’s relationship with family has broken down. She has received threats from a family member resulting in police involvement, and has to deal with the ongoing worry of further danger.

In response, our client has suffered stress, anxiety attacks and trauma. Ultimately she has required medication to be prescribed to help manage the psychological effects of this terrible breach of trust.

To make matter worse, the breach has meant that our client can no longer continue her university studies, so she has also suffered the loss of expenses, and the opportunity to progress her career.

Lessons learned

NHS employees have a duty of confidentiality not to divulge private information. But in this case, this duty was disregarded. And, while the family member who accessed the data is responsible for this, the NHS must do more to protect patient information. For example, by designing systems that only allow the specific specialists, doctors or consultant allocated to a patient to have access to their data.

Also, every staff member accessing a patient’s records should provide a reason for doing so. And all NHS employees should receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

notjusthackers
, ,

What can happen when your ex gets access to your financial information?

When we think about data breaches, we often worry about hackers and cybercriminals getting hold of our banking details. But in some cases, significant damage can be caused when our financial situation is made available to people much closer to home.

In a recent case, our solicitors saw the impact of what can happen when a bank statement was sent to an ex-partner’s address by mistake.

What happened in this case?

In this data breach, our client’s bank sent personal information disclosing his financial situation to his previous address, where his ex-partner still lived. This happened despite our client changing his address with his bank five years ago.

Our client’s ex-partner then disclosed this information to her friends, family and acquaintances; causing him significant distress and embarrassment. Furthermore, due to the disclosure of his financial position, our client’s ex-partner also refused him access to their children and prevented him from taking them on holiday.

As a direct result of this data breach, our client has suffered severe psychological effects, including stress and anxiety.

What can you do to stop this from happening to you?

When handing over your postal address to an organisation, it is vital that you check that these details have been taken down correctly. You are completely within your rights to ask for a copy of the data your bank (or any other organisation) holds about you. This is called making a subject access request (SAR). This won’t guarantee that an error doesn’t result in information going to the wrong address (as in this case) but it is a good safety precaution to take. Find out more about making a SAR.

Lessons learned

If you are an employee of a bank and you want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the addresses of your customers are correct. Such steps could include things like additional data protection training, making sure that all updated addresses and information are saved in the correct field, and checks and balances on systems generating correspondence.

In many cases, data breaches can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

 

notjusthackers
, ,

Can you trust solicitors to look after your personal data?

At Hayes Connor, we’re committed to upholding the standards of our industry. That’s why it’s particularly upsetting when we are contacted by someone who has been let down by their solicitor.

In a recent case, we saw the impact of what can happen when a client’s personal information wasn’t looked after by the person they trusted to represent them.

What happened in this case?

In this data breach, a former member of the Armed Forces appointed a solicitor to represent her at a Tribunal she was involved in. However, this solicitor lost her sensitive information, including her medical and service records on a train.

Following this shocking data breach, the woman suffered severe psychological effects including stress, anxiety and trauma. As a result, she has been prescribed medication, and her ongoing conditions have been exacerbated.

Turning to Hayes Connor for help, she revealed that her mental health had deteriorated to such an extent that it affected her ability to leave the house, and led to in her being demoted in work, resulting in a substantial pay cut.

Lessons learned

Solicitors must understand the importance of data protection and make sure that strict policies and procedures are put place to ensure the safe processing of information – both in and out of the office.

In many cases, data breaches can be avoided by solicitors abiding by the data protection principles of their firms. But it is up to these firms to make sure that all employees receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

At Hayes Connor, our process is fully compliant with ICO guidance and we never put your details at risk.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

data breach solicitors
, , ,

What can happen when medical information falls into the wrong hands?

The world is rapidly going digital. And, this online information revolution has seen most organisations move away from paper record keeping. However, over the last few years, such information has proved a lucrative target for hackers.

But, when it comes to information falling into the wrong hands, in most cases, it is human error rather than cybercrime that is the biggest cause of data breaches. And, these errors are just as likely to happen offline.

In a recent case, our solicitors saw the impact of what can happen when sensitive medical information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, HM Courts & Tribunals Service (HMCTS) sent a copy of a confidential medical report to a person’s former partner by mistake. The report from a doctor said that the man (our client) was depressed and suicidal.

Once our client’s ex read the report – a document that she should never have had access to – she used its contents in an application to reduce his contact with his children. This application was successful (the court was not aware how this information was obtained).

As a direct response of the admin error, this data breach has had a devastating impact on our client. Having reduced contact with his children has caused him considerable distress and upset as well as aggravating his mental health problems.  So, in this case, the consequences have been particularly severe.

What can you do to stop this from happening to you?

When handing over your postal address to an organisation, it is vital that you check that these details have been taken down correctly.  You are completely within your rights to ask for a copy of the data an organisation holds about you. This is called making a subject access request (SAR). This won’t guarantee that an error doesn’t result in information going to the wrong address, but it is a good safety precaution to take. Find out more about making a SAR.

You should also ask any organisation that has access to your medical records about what type of information they share and with who.

You can also choose not to have your medical information shared or used for any purpose beyond providing your own treatment or care. This choice is known as a national data opt-out. Find out more about the national data opt-out.

Of course, there may be instances (as in this case) where you need or want to share this information. Likewise, your confidential patient information may still be used when there is a legal requirement to provide it.

Lessons learned

The duty of confidentiality goes beyond undertaking not to divulge confidential information; it includes a responsibility to make sure that written patient information is kept securely.

If you are an employee of a medical organisation or a government agency or department and you want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the addresses of your customers are correct. This is especially important if you deal with sensitive information such as medical reports. Such steps could include things like additional data protection training, and checks and balances on systems generating correspondence.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

notjusthackers
, , ,

Woman threatened after her gym shared her home address with another customer

Data breaches are never out of the news. But while most of us worry about getting our identity or money stolen after a hack, we don’t tend to consider the possibility of physical threats. But, in a recent case, our solicitors saw the impact of what can happen when a woman’s address was handed to an angry customer by mistake.

What happened in this case?

In this data breach, a gym provided a woman’s personal details (our client) to another customer who shared her name.

This other person had received emails from the gym intended for our client. The emails were sent chasing missed payments. Confused as to why she was receiving the emails, the other woman became concerned that she had become the victim of identity theft. And, when she questioned the outstanding payments with the gym, a member of staff supplied her with our client’s home address.

Following this, the woman’s father went to our client’s home and banged on her door, accusing her of attempting to “clone” his daughter’s identity. Our client was at home with her two young children, one of who is disabled, and she found this experience both frightening and upsetting.  She then contacted the gym to find out what was going on and received an apology for the mix-up.

However, the other woman’s father still did not understand that our client was not at fault. And, when our client returned from holiday, she received three letters from him, all of which contained threats. As a result, she reported the incident to the Police and Action Fraud.

It seems despite becoming aware of the situation, the gym continued to send emails to the wrong woman demanding payment. These emails also disclosed some of our client’s bank card number.

As a direct response of poor systems, and a failure to cross-reference their systems to identify distinguishing features between both customers, this data breach has caused our client considerable distress, upset and even fear. As such the consequences of the error were particularly upsetting.

Have you been in a similar situation? Contact us today.

What can you do to stop this from happening to you?

There are a few lessons that can be learned from this case. For example, when handing over your email address to an organisation, it is vital that you check that these details have been taken down correctly.

You are completely within your rights to ask for a copy of the data a business (or any other organisation) holds about you. This is called making a subject access request (SAR). Find out more about making a SAR.

Of course, this won’t guarantee that an error doesn’t result in an email going to the wrong address, but it is still a good safety precaution to take.

What’s more, if you do find yourself in a similar situation to our client, like her you should report the incident to the Police and Action Fraud. Action Fraud is the UK’s national reporting centre for fraud and cybercrime in England, Wales and Northern Ireland.

Find out more about Action Fraud here.

Alternatively, if you are an employee of a gym or any other business and you want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the information you hold on your customers is correct. Such steps could include things like additional data protection training, and checks and balances on systems generating correspondence.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

notjusthackers
, ,

Are hospitals doing enough to protect patient confidentiality?

One in 13 patients will have their records stolen after a healthcare provider data breach[1]. However, despite the headlines, fraudsters don’t just use the internet to get their hands on our sensitive information. So, while hospitals are looking at what they can do to protect our online data, they must also look at improving security measures to prevent unauthorised physical access to sensitive medical records.

In an unusual case, our solicitors saw just how one fraudster was able to get his hands on sensitive medical information by impersonating a member of the hospital’s medical team.

What happened in this case?

In this data breach, a woman (our client), was a patient in hospital having just given birth. However, while she was there a fraudster impersonated a doctor to obtain information about her personal medical situation.

A student nurse provided the highly sensitive information to the imposter, which included details about a disease which our client had recently been diagnosed with, and with which she was struggling to come to terms with.

To date, nothing untoward has happened to our client following this incident, and there has been no contact from the person who obtained her medical records. But as she still does not know who accessed her data, and what might be done with, this situation is incredibly disturbing, and understandably this uncertainty has caused the woman considerable distress.

Lessons learned

Hospitals and other healthcare organisations need to do more to protect sensitive patient data.

All too often employees are involved in healthcare data breaches, and as such, employee training and awareness must form a core part of any security strategy and measures.

In this case, the hospital in question subsequently investigated the incident and agreed to improve their security systems and internal practices. Just simple steps such as ensuring that all members of staff wear ID at all times can make a big difference.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.


[1] Accenture

notjusthackers
, ,

The importance of looking after sensitive candidate information during the recruitment process

When applying for a job, we trust recruiters and the places we hope to work with a vast amount of sensitive information. But all too often this isn’t looked after as well as it should be.

In a recent case, our solicitors saw the impact of what can happen when sensitive information supplied as part of a job application was processed incorrectly.

What happened in this case?

In this data breach, the individual managing the recruitment process wrongly addressed sensitive applicant information and failed to send it by recorded delivery or hand delivery, as was the company’s standard purported practice.

The documentation included the following material:

  • A copy of the applicant’s passport
  • A copy of her driving licence
  • A copy of her birth certificate
  • Two letters to prove her address/identity
  • Copies of her NVQ certificates.

The information has still not been recovered and therefore remains a potential threat to our client.

As a direct result of this data breach, our client has suffered severe psychological effects, including stress, anxiety and trauma. So much so that her GP has prescribed medication.

Lessons learned

In many cases, data breaches such as this can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

 

data breach
, ,

Hospital gives sensitive pregnancy discharge pack to wrong woman

Before they leave hospital, new mothers are given a set of postnatal notes, with information about their labour, delivery and postnatal care in hospital.

In a recent case, we saw the impact of what can happen when this personal pregnancy discharge pack was given to the wrong person by mistake.

What happened in this case?

Following the birth of her son, a woman was contacted on Facebook by a woman who knew her name, address and other personal information. Due to the personal information disclosed via the message she thought she was being contacted by her estranged mother and sister. This caused her considerable upset.

However, it eventually became clear that she was being contacted by a stranger who had been given her pregnancy discharge pack and the personal details of her son by mistake. This happened despite the fact that the other woman had attended a completely different hospital in a different town from her.

As a result of this data breach, the woman suffered stress, anxiety and trauma, which resulted in her needing medication from her GP.  She has also suffered from ongoing flashbacks of family problems.

Lessons learned

The healthcare sector handles some of our most sensitive personal data, and, as patients, we have the right to expect this will be looked after. However, all too often this isn’t the case.

Hospitals and other healthcare organisations need to do more to protect sensitive patient data. It is vital that there are adequate and robust protections in place to secure patient information and that healthcare staff have the knowledge and ability to handle such data securely.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

notjusthackers
, ,

Bank sends credit card statements to the wrong person

Financial crime is a hot topic at the moment, with stories about push payment fraud and takeover fraud leaving people worried about what could happen if they became the victim of a bank scam.

But in many cases, its human error rather than cybercrime that is the biggest cause of financial data breaches. And, these errors are just as likely to happen offline.

In a recent case, our solicitors saw the impact of what can happen when a person’s financial information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, a bank sent partial credit card statements to the wrong person. The information was sent to a completely different person to the account holder (our client), attached to the back of a bundle of documents she had requested.

Luckily, in this instance the woman who received our client’s statements was honest, and despite being a complete stranger she contacted him to let him know what had happened. She also reported the incident to her local branch, although she was not satisfied with how the bank proposed to deal with the matter. If such a simple error can be made, what’s to say it couldn’t happen to other customers?

As a direct response of this admin error, this data breach has caused considerable distress and worry to our client. He has now lost confidence in his bank and can’t be sure if his sensitive and personal data has been further breached.

Lessons learned

Banks, credit card providers and other financial institutions need to do more to protect sensitive financial data.

All too often staff are involved in such data breaches, so employee training and awareness must form a core part of any security strategy and measures.

If you are an employee of a financial organisation and want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that this doesn’t happen to you. Such steps could include things like additional data protection training, secure systems for storing information, checks and balances on systems generating correspondence, and measures to ensure that the correct information is being sent to customers.

This is especially important if you deal with sensitive financial information which could cause serious harm if it falls into the wrong hands.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.