Hacks and Incidents

NHS Surrey fined £200,000 after losing patients’ records

NHS Surrey fined £200,000 after losing patients’ records: NHS Surrey has been fined £200,000 by data regulators over the loss of sensitive information about more than 3,000 patients.

Thousands of children’s patient records were found on a second-hand NHS computer that was auctioned on eBay, the BBC understands.

Regulators said NHS Surrey failed to check that a data destruction company had properly disposed of the records.

Three further computers that had been sold on eBay contained sensitive data.

UK watchdog the Information Commissioner’s Office (ICO) imposed the fine on the trust after patients across Surrey were affected by the data loss.

“The facts of this breach are truly shocking,” ICO head of enforcement Stephen Eckersley said in a statement.

“NHS Surrey chose to leave an approved provider and handed over thousands of patients’ details to a company without checking that the information had been securely deleted.

“The result was that patients’ information was effectively being sold online.”

Standard