November 29, 2016

Healthcare Security Breaches Aren’t Slowing Down

The medical sector handles some of the most sensitive personal data in existence, with the result that it is often the target of information thieves. According to an article on, the healthcare sector suffers more data breaches than any other sector in the UK, with half of all data breaches reported to the Information Commissioner’s Office (ICO) originating from public and private health organisations.

Notable recent examples of healthcare security breaches include:

  • The theft of a laptop from a care home in Northern Ireland, which led to the sensitive personal details of the care home’s residents being exposed
  • A GP practice revealing confidential details about a woman and her family to her estranged ex-partner, resulting in a fine of £40,000 being levied against the practice by the Information Commission
  • An NHS trust was fined £180,000 after revealing the email addresses of more than 700 users of an HIV service

To date in 2016 the ICO has issued over £420,000 in fines for breaches in the medical sector.

With breaches in the medical sector at an all-time high, the importance of wide-reaching healthcare security safeguards cannot be overstated. All areas of healthcare organisations should implement these basic strategies to better manage internal threats and protect healthcare data.  

Employee training: An important theme in the 2016 Shred-it State of the Industry Report, employee training to reduce errors and improve information security has to be ongoing and company-wide with both theoretic and practical information.

Mobile device policies: As mobile devices increasingly play a role in diagnosis, delivery and management of healthcare, safeguards must be in place. A mobile device policy should cover best practices in and out of the workplace. It should also provide sufficient budget for IT safeguards like data encryption.  

Regular data risk assessments: Identify areas of risk and improve information security best practices by doing an information security risk assessment regularly. For example, an organisation may learn it should update its legacy systems – many experts say healthcare providers rely on outdated software systems for patient record storage.  

Enforceable internal procedures: There are lots of  data 'touch points' in healthcare organisations. A comprehensive Document Management Policy will improve patient information handling. Provide multilayered security programs. Implement a Clean Desk Policy to protect data from prying eyes. A Shred-it All policy will remove the risk associated with employees having to decide what information is confidential, and what isn’t. Partner with a reliable document destruction company for secure destruction of paper and digital information.

Protect your workplace from insider fraudsters by knowing where they strike most often. Download this infographic to learn which areas are most vulnerable.