3 min read

NHS Security Systems, Data Protection Questioned after Repeated Patient Record Losses

Filip Truta

August 23, 2018

NHS Security Systems, Data Protection Questioned after Repeated Patient Record Losses

A new study by the Parliament Street think tank has revealed that the UK’s National Health Service (NHS) lost nearly 10,000 patient records between 2017 and 2018. After facing the ‘biggest ransomware’ offensive in history, NHS trusts lost hundreds of thousands of additional documents.

The Parliament Street research team liaised with 68 NHS trusts through the Freedom of Information Act (FOI) to obtain data on lost or stolen patient records.

The team discovered that, in the last financial year, the University Hospital Birmingham reported the largest number of records 'unavailable' for outpatient clinic appointments: 3,179 documents in total.

The second-largest figure was Bolton NHS Trust, which was unable to provide 2,163 records at the time of the patient appointment. The third-largest trove of missing patient records was reported by University Hospital Bristol (1,105). The hospital later recovered those records, researchers point out.

Only 16% of institutions lost no records. In all, 9,132 patient records were lost between 2017 and 2018. More recently, NHS lost an additional 162,000 medical documents. The number adds to 702,000 pieces of paperwork already known to have been lost.

“This particular issue that the NHS faces questions the integrity of the software they have in place and the security of paper documents,” Parliament Street researchers said.

Despite Parliament Street's findings, research from Healthwatch has found that more than three quarters of the British public say they continue to trust the NHS with handling their private data. Moreover, 73 per cent of the public is willing to have the NHS use their personal information to improve on the healthcare service they provide.

The healthcare industry has been heavily battered by cybercriminals in the past two years. Stolen health records are a valuable commodity on the dark web, where extortionists are willing to pay handsomely in exchange for the data to assist in their fraud or extortion campaigns.

A study by Ponemon Institute found that the average cost for each lost or stolen record containing sensitive and confidential information has increased by 4.8 percent year over year. For healthcare businesses, the value of a lost or stolen patient record – which can be read as cost or damage for the healthcare institution – has reached $408.



Filip Truta

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

View all posts

You might also like