Healthcare accounts for nearly half of all data breaches


Last year was a challenging year for the healthcare sector, which is still feeling the after-shocks of the WannaCry global ransomware outbreak. And in 2018, we can expect to see an increase in attacks on the medical industry, particularly as healthcare organisations remain hesitant to dedicate budget to cybersecurity.

According to research, the UK health sector accounts for nearly half of all data breaches, with the collective healthcare breach numbers almost four times higher than those of the second highest sector (local government). The last few years have certainly seen healthcare prove lucrative for hackers, and led to a rise in medical data breaches, with one in 13 patients having their records stolen after a healthcare provider data breach.

Healthcare is going online, and this information revolution has seen most organisations move away from paper record keeping. But the healthcare sector handles some of our most sensitive personal data, and, as patients, we have the right to expect this will be looked after. However, as our health and social care system becomes digital, it appears that there are not yet adequate and robust protections in place to secure the data and information held within it. Following the WannaCry outbreak, the vulnerability of the healthcare sector and the importance of improving its cybersecurity came into sharp focus.

Between January 2014 and December 2016, healthcare organisations suffered 2,447 incidents and accounted for 43% of all reported data breach incidents. However, when it comes to the reasons for these breaches, human error is the main culprit. So, in addition to worrying about external threats and ensuring the right technology and processes are in place, more must be done to make sure that staff have the knowledge and ability to handle data securely.

Who is responsible for human error?

A company can be held liable for human error where it fails to ensure the proper security measures are in place. And, in a recent case, Morrisons was found "vicariously liable" for a disgruntled employee's actions when he deliberately published sensitive data of almost 100,000 staff online. What this means is that an employer can be liable for the actions of its employees, as long as it can be shown that they took place in the course of their employment. So, when it comes to defending compensation claims, human error or misbehaviour is no excuse.

Today, information shared in error is the single highest contributor to data breaches year-on-year, and when this data contains sensitive medical information, the potential damage and distress become all too apparent. For example, in recent cases investigated by the ICO, sensitive diagnosis information was sent to a neighbour and confidential details about a woman and her family were sent to her estranged ex-partner.

At Hayes Connor, we can help you make claims against a wide range of healthcare organisations already fined by the ICO. Of course, you may not know that your medical data has been breached until you read about it or see it in the news. But if you are in any doubt it's worth finding out whether your data was put at risk, because, if so, you may have a claim for compensation. We can also keep you updated on upcoming and current healthcare data breach claim investigations.


With strict time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it's essential to act now.