Header image

NHS staff warned of jail time for unauthorized patient data access


The UK's National Health Service (NHS) has issued a stern warning to its staff regarding unauthorized access to patient data, emphasizing that such actions can lead to imprisonment, according to Infosecurity magazine. 

The NHS is implementing a new awareness campaign and updated guidance for healthcare organizations to prevent, monitor, and report unauthorized access to patient records. This initiative follows several high-profile incidents, including the dismissal of 11 staff members and warnings issued to 14 others for unlawfully accessing records related to the Nottingham knife attacks.

Additionally, an investigation was launched after approximately 40 staff members at a Cambridgeshire hospital accessed a seriously injured child's records without proper justification. The Information Commissioner's Office (ICO) also recently issued a caution to a former healthcare worker who attempted to sell patient records.

The guidance clarifies that staff found accessing data without a legitimate reason will be reported to the ICO and police, facing potential criminal prosecution, loss of employment, and professional accreditation. Healthcare organizations are urged to implement technical controls such as least-privilege policies and multi-factor authentication to mitigate these insider risks, especially as the NHS expands its electronic patient record systems.
Source: Infosecurity Magazine
Kelley Damore
Kelley Damore Chief Content Officer CyberRisk Alliance

Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.

Kelley Damore
Kelley Damore Chief Content Officer CyberRisk Alliance

Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.

Upcoming Events

No events found.