Home / News & Resources / News & Updates / What to do if your medical records are lost or stolen

What to do if your medical records are lost or stolen

  • Posted on

Medical data is often extremely sensitive and highly personal. Legal Director Christine Sabino addresses many of the concerns individuals have when they learn that their medical data has been lost or stolen and what our team can do to help.

There are a number of ways in which your medical records can be lost or stolen and, if this unfortunately happens, it is crucial that you understand what steps you should take.

In this article, we will discuss:

If you would like immediate advice from our data breach experts on lost or stolen medical records, you can call 0330 041 5135 or fill out our online claim form to start the claims process.

How are medical records stolen or lost?

Your medical records, or those of your family, can fall into the wrong hands for a number of reasons:


All organisations have a legal obligation to keep your personal data secure and out of the hands of unauthorised third parties. However, it is a fact that many companies do not have adequate security policies in place, resulting in sensitive information being compromised.

This could apply to your medical records. Any organisation or local authority which stores your medical records could be subject to an attack which they would ultimately be responsible for.

If a cybercriminal gang claims responsibility for a cyber-attack, leading to a data breach, they will typically have nefarious intentions and could hold your medical records ransom unless a fee is paid. The threat is often that these records will be released on to the ‘dark web’.

Human error

Human error is a common cause of many data breaches, including where medical records are compromised. A mistake could be as simple as an employee sending an email to the wrong person, or mistakenly leaving themselves logged into a device, resulting in medical records being seen by unauthorised persons.

While these mistakes may not always lead to an adverse outcome, this is by no means a guarantee. It is not possible to say what someone will do if they are given unexpected access to documents that are as sensitive as medical records.

In person

There have been many instances of physical medical records being stolen or lost after they have been misplaced in a public space. This could be as simple as a patient folder being left out in the open, or records not being correctly destroyed after a medical practice has closed down.

When someone gains access to a physical medical record, this can be just as damaging as if they are accessed digitally.

What can thieves do with stolen medical records?

Thieves and cybercriminals can potentially take a number of actions if they are able to steal medical records. As already discussed, if patient medical records are stolen by a cybercriminal, or group of cybercriminals, they could be held ransom. If the organisation that originally held the records does not pay the ransom (which is typically the case), they could be leaked on to the dark web.

Depending on the type of information that is contained within the medical records, you could also be vulnerable to attempts to extract further information. For example, if the medical records that have been stolen contain basic contact details, you could be subject to sophisticated ‘phishing’ attacks.

These types of attacks could result in you giving away personal information, including financial details, or expose you to malware that compromises the security of your devices.

Can I make a claim against a medical professional for the theft of my records?

It may be possible to make a claim for lost medical records compensation if a medical professional or organisation is deemed responsible. This is regardless of whether you have suffered direct harm as a result of the stolen or lost medical records.

If an avoidable mistake has been made, or the security processes in place were not robust enough to prevent an attack, leading to stolen medical records, the responsible party must be held accountable.

To make a data breach claim against the NHS, the breach can occur in any NHS organisation, including:

  • NHS hospitals
  • NHS trusts
  • GP surgeries
  • Opticians
  • Dentists
  • Pharmacies
  • Private healthcare organisations providing NHS services

Can you sue the NHS for a data breach?

Making a claim against the NHS for a medical data breach may be a difficult decision to make. However, it is essential that accountability for mistakes is consistently upheld, which means individuals certainly have a right to make a claim against the NHS, no matter whether they have suffered actual, or potential, financial loss or psychological injury because of a data breach.

What compensation can you claim for a breach of your medical records?

If your medical records are lost or stolen, which was caused by an organisation failing to protect your personal data, you could have a claim for compensation. Compensation can help to cover any direct financial losses caused by your medical records being breached, and the distressed caused by such an incident.

Financial losses

If your medical records have been stolen, this could potentially lead to both financial and identity theft. With enough information at their disposal, someone may be able to apply for credit in your name, set up fraudulent bank accounts and access any existing accounts you have.


Even where you have not directly lost out as a result of your medical records being lost or stolen, this does not necessarily mean that no harm has been done. Having personal information as sensitive as your medical records fall into the wrong hands is a highly distressing situation that can have a substantial impact on your mental and physical health.

A lack of sleep, feeling ill, being unsettled, stress and confusion are all common effects of having your medical records lost or stolen. This can also have an effect on your family, friends and your job.

What should I do to start a data breach claim?

Report to ICO

If your medical records have been stolen or lost, the Information Commissioner’s Office (ICO) needs to be made aware. If the ICO has not already acknowledged the incident, you can submit a report yourself.

If an investigation from the ICO demonstrates that mistakes were made, leading to the loss of your medical records, this can be used to support a claim for compensation.

Change details

In certain situations, it can be a sensible idea to update your credentials if you believe they were involved in the records that have been stolen. This could prevent further issues from arising and provide you with peace of mind.

Speak to a data breach expert

If your medical records have been lost or stolen, you could be in a position to claim compensation. This is something our data breach solicitors at Hayes Connor will be able to help you with.

Our team can meet with you to discuss your situation and the impact that having your medical records lost or stolen has had on your life. If we think that you have grounds to bring forward a claim, we can take you through the next steps to take and the sort of compensation you could be entitled to make a claim for.

How Hayes Connor can support you if you have been victim to a medical data breach

If your medical records are lost or stolen, our solicitors may be able to support you to make a compensation claim. Our team can act for clients on a no win, no fee basis, removing the financial risk of pursuing a claim and seeking lost medical records advice.

At Hayes Connor, we are one of the largest teams of data breach claims specialists in the country, with decades of combined experience in securing compensation for victims of data breaches. We can advise you on whether you are likely to have grounds for a claim, the level of compensation you may be entitled to and what you need to do to start a claim.

Our goal is to ensure that anyone who is affected by a medical data breach is able to get the compensation they deserve, while making the claims process as simple and stress-free as possible.

You can find out more about our expertise and how we handle data breach claims here.

To start a claim, you can use our online claim form and we will get back to you shortly to let you know if we believe you have grounds for compensation.

If you would like to speak to a member of our team, please do not hesitate to give us a call on 0330 041 5135.