Three years since the NHS Digital data breach

new gdpr rules for international data transfer

In July 2018, NHS Digital – the IT and data department for the NHS – was at the centre of a significant data breach. The incident was caused by a system error for which NHS Digital was responsible and affected approximately 150,000 patients nationwide. These patients had chosen to opt out of their information being used for reasons unrelated to their own healthcare, but the defect in the system meant that their wishes were not fulfilled.

It is incredibly worrying for an organisation of this stature to have been embroiled in such a wide-reaching, impactful data breach, particularly where sensitive medical data is involved. All patients have a right to exert proper control over who accesses their data and for what reason, but the NHS Digital data breach, unfortunately, denied patients of this right.

We believe that the incident constitutes a clear example of data protection negligence, which is why we are helping those affected to claim the compensation that they deserve. If you were adversely impacted by the NHS Digital data breach, you can contact us for free, no-obligation advice on your potential compensation claim and join others already claiming on a No Win, No Fee basis now.

How did the NHS Digital data breach occur and what was its impact?

The news of the NHS Digital data breach came in July three years ago, when it was reported that the NHS Digital system had failed to record patients’ requests regarding the use of their medical records. All patients in the NHS had been given the opportunity to opt out from the use of their information for reasons outside of their medical care, such as for research or auditing.

However, a problem that was described as a “coding error” meant that those who had decided to opt-out had not had their response observed by the system. In theory, this meant that 150,000 patients’ data could have already been passed on to researchers.

Claiming compensation for a data breach

Medical data is widely regarded as some of the most sensitive information about an individual, so its exposure can have serious consequences. It does not matter if the data system error arose unintentionally, as the misuse of private information does not have to be malicious to constitute a breach of data protection law. This means that anyone affected by the NHS Digital incident could be eligible to recover compensation.

In a data breach claim, victims could be eligible to recover compensation for the distress caused by the incident, and for any financial losses which may result from issues like fraud. While victims of the NHS Digital data breach are unlikely to have suffered a financial impact, they may have suffered severe emotional distress or a psychological injury, both of which could lead to significant compensation pay-outs.

Make your claim

No one should have their consent disregarded when it comes to personal data processing, which is why the law can entitle victims of data breaches to make compensation claims. Making a claim can both enable you to recover damages and hold the data controller responsible for their actions, and we can help you to access this justice.

Contact our specialist team to receive free, no-obligation advice on your case to see if we can help you on a No Win, No Fee basis.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a Callback from our team!

Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.