data breach experts
,

Has the Bupa data breach put your privacy at risk?

Last month, Bupa was fined £175,000 by the Information Commissioner’s Office (ICO). The latest data breach fine handed out by the regulator came after a rogue Bupa employee inappropriately copied and removed customer information to sell on the dark web.

A subsequent investigation by the ICO found that the health insurance provider failed to have adequate security measures in place to protect its customers’ personal information.

547,000 Bupa Global customers were affected, and 43,000 of those customers had a correspondence address in the UK.

If you are a Bupa customer whose data was put at risk, you should now consider a data breach compensation claim.

What happened in the Bupa data breach case?

Between 6 January and 11 March 2017, a Bupa employee stole the personal information of 547,000 Bupa customers and offered it for sale on the dark web. The member of staff extracted information from Bupa’s customer relationship management system and sent to this to his personal email account.

The compromised information included names, dates of birth, email addresses and nationality.

Bupa was alerted to the breach by an external partner who spotted customer data for sale. The advertisement on the dark web said:

 “DB [database] full of 500k+ Medically insured persons info from a well-known international blue chip Medical Insurance Company. Data lists 122 countries with info per person consisting of Full name, Gender, DOB, Email Address plus Membership Details excluding CC Details”

Bupa informed the ICO that its data had been compromised and an investigation was launched. The employee was dismissed, and the police told about the crime.

What was the result of the Bupa data breach investigation?

Commenting on the Bupa data breach, ICO Director of Investigations, Steve Eckersley, said:

“Bupa failed to recognise that people’s personal data was at risk and failed to take reasonable steps to secure it.

“Our investigation found material inadequacies in the way Bupa safeguarded personal data. The inadequacies were systemic and appear to have gone unchecked for a long time. On top of that, the ICO’s investigation found no satisfactory explanation for them.”

The investigation also uncovered that Bupa’s systems put 1.5 million records at risk.

Bupa has been fined £175,000 for the data breach. But, due to the timings of the offence, the case was not dealt with under the new GDPR. The current data protection laws allow the ICO to hand out much more substantial fines so it could be argued that Bupa got away lightly.

What should you do now?

Bupa has said that it has contacted all affected customers. And, if you have suffered damage or distress caused by Bupa’s breach of the Data Protection Act, you have a right to claim compensation.

You can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

Being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. So you should seek compensation for a failure to look after your information correctly.

How much compensation could you get for the Bupa data breach?

At Hayes Connor Solicitors we have already been contacted by Bupa customers distressed that their personal information was not looked after as carefully as it should be.

And, because we’ve been helping people to get the compensation they deserve for over 50 years, we know what it takes to make a successful data breach claim.

Data breaches often have severe consequences for those affected, and in this case, you could be entitled to around £1,500 (or more depending on your circumstances). And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

REGISTER NOW TO FIND OUT HOW WE CAN HELP YOU.

nhs digital data breach
,

Can you make a NHS data breach claim?

Last month it was revealed that 150,000 patients had their confidential data used without their consent. This NHS data breach was the result of GP practices using software that failed to prevent information being used for research purposes despite patients objecting.

This shocking error is a breach of the Data Protection Act and those affected are within their rights to start a claim for compensation. Any patients affected will have received a letter from NHS Digital.

However, this isn’t the only time our health service has failed to protect the people it is supposed to. In fact, earlier this year we reported on another NHS data breach, after it was revealed that the Bayswater Medical Centre left sensitive patient records, registration forms and repeat prescription information in an empty and unsecured building for over a year.

In this case, the Information Commissioner’s Office (ICO) fined the healthcare provider £35,000 for its negligence. And, with medical data breaches often having severe consequences for those affected, patients of the Bayswater Medical Centre should also be looking to claim compensation.

NHS data breaches are on the rise

Across the UK, our healthcare is rapidly going online. And, this is a good thing when it comes to providing services that are fit for purpose in our digital age. However, as the online information revolution sees our medical organisations move away from paper record keeping, it is vital that there are adequate and robust protections in place.

However, over the last few years, healthcare and the NHS has proved a profitable target for hackers, leading to a rise in medical data breaches. So much so that one in 13 patients will have their records stolen after a healthcare provider data breach.

The healthcare industry is one of the most vulnerable to cyber-attacks as two high profile data breaches highlight.

  • In March 2017, an IT system widely used by GPs allowed access to patient records by anyone using the same platform. This meant that the sensitive and confidential records of 26 million patients could be viewed by thousands of receptionists, clerical staff and pharmacists, even if they had no medical reason to review them
  • In May 2017, the WannaCry ransomware attack severely disrupted NHS operations, leading to cancelled appointments, diverted patients and suspended A&E services.

You can see a list of other NHS data breaches on the ICO website.

How do you make a NHS data breach compensation claim?

At Hayes Connor, we can help you make claims against a wide range of healthcare organisations already fined by the ICO. We can also keep you updated on upcoming and current healthcare data breach claim investigations.

We can make medical data breach claims against:

  • GPs
  • Pharmacies
  • Hospitals/NHS Trusts
  • Dentists
  • Opticians
  • Individual healthcare staff
  • Private health companies.

To claim compensation in a medical data breach case, you must be able to prove that you suffered as a result of the breach. This includes financial and medical harm, as well as anguish and anxiety. In fact, if you have suffered damage or distress caused by a medical or other healthcare organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years, so we know what it takes to make a successful NHS data breach compensation claim.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

nhs digital data breach
,

Major NHS data breach revealed

It has been revealed that 150,000 patients have had their confidential data used without consent. The shocking breach comes just one month after the GDPR placed new data protection obligations on organisations operating in Europe.

If you are affected, you may be able to start a claim for compensation.

What happened?

In this case, confidential personal data –given on the basis that it was to be used to provide medical care – was exploited for clinical audit and research purposes by the NHS, without the consent of patients.

It is understood that the breach occurred due to a software error which failed to correctly record objections to patient data being used for research purposes. Software developer TPP has “apologised unreservedly” for the mistake and has said that it is working with NHS Digital to fix the error.

NHS Digital has informed the Information Commissioner’s Office (ICO) and the National Data Guardian for Health and Care, and investigations are now taking place.

Have you been affected by the NHS data breach?

All GP practices using the software have been contacted to make sure they are aware of the issue. Likewise, any patients affected will receive a letter from NHS Digital. However, while there is no risk to patient care, if the thought of your data being used in a way you did not agree to has caused you distress, you should start a claim for compensation.

Healthcare breaches are on the rise

Healthcare is rapidly going digital. And, this online information revolution has seen most organisations move away from paper record keeping. However, as our health and social care system becomes digital, it is vital that there are adequate and robust protections in place to secure the data and information held within it. And that healthcare staff have the knowledge and ability to handle such data securely.

In reality, over the last few years, healthcare has proved a lucrative target for hackers, leading to a rise in medical data breaches. In fact, one in 13 patients will have their records stolen after a healthcare provider data breach.

While in this case it was a software error that led to the data being misused, the distress felt by patients is just as concerning.

How can you start a claim for compensation?

If you have objected to your data being shared by NHS Digital for any purpose other than your individual care (type 2 objections), you may have a claim for compensation. The objections not upheld were made between March 2015 and June 26th 2018.

If you have suffered damage or distress caused by a medical or other healthcare organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years, so we know what it takes to make a successful medical data breach compensation claim.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

Start a claim for compensation

, , ,

Can you make a data breach claim against the Bayswater Medical Centre?

The Bayswater Medical Centre has been found guilty of a serious data protection breach. The London based GP and healthcare provider has been fined £35,000 by the Information Commissioner’s Office (ICO) after it left highly sensitive medical records, registration forms and repeat prescription information unsecured in an empty building for a year and a half. The data was left on decks, in unlocked cabinets, on windowsills, and in bins.

With medical data breaches often having severe consequences for those affected, patients of the Bayswater Medical Centre may now be able to claim compensation.

What happened in this case?

The breach occurred after the Bayswater Medical Centre vacated a practice but continued to use the building for storage. The failure to protect sensitive patient data was only discovered after another GP practice visited the site to take over the lease.

Perhaps most worryingly, despite repeated warnings from the new surgery and a local Clinical Commissioning Group, Bayswater Medical Centre did nothing to collect and secure the sensitive information.

Concerns were escalated to NHS England (NHSE). And, when officers investigated the building, they found that “it would have been apparent to anyone looking through the window that the premises were abandoned and patient files left littered throughout the premises with windows left ajar with potential access”. Medical records were also left on a windowsill, with the blinds not closed and the window not secure. NHSE also reported that the building was secured by a single lock, and had no other physical security measures such as an alarm. In fact, just one week after the records were eventually removed, the building was broken into.

What was the result of the investigation?

The ICO has called the breach a “serious contravention” of data protection legislation that could lead to serious damage and distress for victims. In fact, the ICO said that any concerns by patients went beyond mere irritation and that fears about data falling into the wrong hands were understandable – even if such fears didn’t actually happen. As such, the ICO found that the severity of the breach merited a £35,000 fine.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

What’s more, it doesn’t matter that the data remained secure in the building and didn’t fall into the hands of criminals. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

If you registered with Bayswater Medical Centre before July 2015 (even if you have since moved to another practice), and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

Before the General Data Protection Regulation came into force in May 2018, organisations were not obligated to tell individuals if their data was breached, so, you may not know if your medical records were put at risk. But if you are in any doubt, it’s worth finding out, and we can do this for you.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.