Thousands of data breaches reported by councils and hospitals
PUBLISHED: 06:55 01 July 2018
Thousands of people’s personal information has been leaked by Suffolk and Essex organisations in the past three years.
Freedom of Information requests sent to councils, hospitals and police forces in the region has revealed frequent “data breaches”.
Breaches include data being incorrectly sent to the wrong person, lost USB sticks and envelopes mislaid in transit as well as cyber threats, attempted email fraud and unauthorised access to security cameras.
For the most serious cases, organisations reported the breaches to the Information Commissioner’s Office.
Three members of Colchester Hospital staff were dismissed for inappropriate access to data, while in other organisations employees have been suspended.
Essex County Council recorded 2,028 breaches from 2015-18 - the largest number in the response.
Breaches ranged from staff sharing ID cards or passwords to cyber threats, however the most related to disclosure of personal information. In four cases, the information was recorded stolen.
Suffolk County Council reported 490 breaches, with the number increasing over the three years. Breaches included verbal disclosures, data misuse, loss of encrypted devices and theft of paper work. All were investigated in line with the council policy.
Colchester hospital recorded 262 breaches - 18 reported to the ICO. Breaches included lost documents containing patient information. Three staff were dismissed for inappropriate accessing of data. A further 153 breaches were reported at Ipswich Hospital, seven of which were reported to the ICO. James Paget Hospital reported “no serious incidents”.
The 28 breaches at Ipswich Borough Council affected 317 people, mainly members of the public. Reasons included wrongly addressed bulk emails, a stolen mobile phone, lost clipboard and an allegation of improper accessing of data by an employee.
Two breaches were recorded at Babergh and Mid Suffolk councils, 10 at Suffolk Coastal and Waveney.
Braintree, St Edmundsbury and Forest Heath councils reported no breaches. However, Forest Heath said a third party had illegally gained access to a security camera. The third party was told to “immediately cease” and the case was reported to the ICO.
All organisations responding to requests for comment said they took breaches seriously and aimed to improve their processes.