Public Health England data breach risks

nurse snooping medical records

The healthcare sector is widely viewed as a prime target for cybercriminals, who seek to take advantage of organisations that hold a wide array of sensitive information. While hospitals are often seen as hotspots of data theft and misuse, peripheral healthcare organisations are not always considered in the data breach threat. In view of this, the risk of a Public Health England data breach is something that should always be considered.

Public Health England has wide-reaching responsibilities relating to the improvement of the general health of our population, and the provision of services for health and social care. In fact, according to its own website, one of Public Health England’s key purposes involves “researching, collecting and analysing data to improve our understanding of public health challenges, and come up with answers to public health problems”. To fulfil this goal, Public Health England must handle large quantities of potentially sensitive information.

Organisations like Public Health England also have important data protection responsibilities, with the obligation to ensure that the information in its possession is stored and processed securely. When a data controller fails to meet this responsibility, this is where real people can be harmed, and that is where we can step in.

Public health services data breaches

The coronavirus pandemic demonstrates the responsibility of health services in nationwide public health emergencies. Test and Trace was set up by the UK government in 2020 to track and manage the spread of the virus, but it was unfortunately at the centre of a serious data breach incident last September, as well as an array of criticism.

In an error by Public Health Wales, the personal details of approximately 18,000 Welsh residents who had submitted positive Covid-19 tests were published online. The mistake led to initials, dates of birth, sex, and geographical area data being exposed for several hours before being taken down. While this information may not have made the victims clearly identifiable, it nevertheless constituted a significant lapse of data security and did adversely affect victims involved.

Public Health England data breach – what could the impact be?

These kinds of data breaches demonstrate the potential scale and impact of any kind of Public Health England data breach. Profiling the health of the population comes with its risks if an organisation does not adhere to data protection principles, as the effects of such a breach can be significant and wide-reaching.

In fact, the possibility of a Public Health England data breach emerged in 2018, when it was revealed that the organisation had disclosed anonymised records of almost 180,000 lung cancer patients to an American law firm, which was reportedly found to represent Philip Morris International, a major cigarette company.

Medical data breach compensation claims

If a Public Health England data breach were to occur, those affected could be eligible to claim compensation. Data controllers are obliged to stick to the principles of data protection law, so when they fail to do so, they can be held liable via a data breach claim.

As leading specialists in data protection law, Your Lawyers has been representing victims for privacy matters since 2014, developing expertise through major data breach group actions such as those against British Airways and the 56 Dean Street clinic.

To receive free, no-obligation advice from our expert team, contact us today or register your details for a call-back.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a Callback from our team!

Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.