A data breach, in general, can be worrying, but when your health records are breached, it can be extremely stressful, especially if they have fallen into the wrong hands. We’re here to inform you of the potential consequences of a medical records breach.
Some people are very open with their friends and family about their medical history, sometimes choosing to share details on social media platforms such as Instagram or Facebook. But there are, of course, those who would rather keep such details about their life private.
When a breach of medical records occurs, that privacy and choice are taken from them. So, what are the potential consequences if your medical records are breached? Let’s find out…
1. Data Could Fall into The Wrong Hands
In most instances, when a data breach occurs, no impact comes from it, but there is still the off chance that the breached medical data can fall into the wrong hands. This could include personal information like names, addresses, phone numbers, email addresses, and credit card details.
Those who have obtained your data could choose to commit financial or identity theft. However, that’s not all, as they may even release information about you that you or they might consider damaging to your reputation.
2. Financial Theft
If a hacker has access to your sensitive details through the medical breach, there is the possibility that they will be able to access and empty your bank account, personal savings, investments, etc., leaving you empty-handed.
3. Identity Theft
The release of your medical details in a breach could result in a person impersonating you and committing identity theft. Having access to your data means that they may be able to create fraudulent bank accounts under your name and apply for credit.
Furthermore, this could lead to debt being created in your name even though you are not responsible for it, which may result in your credit score being damaged.
4. Financial Loss
If you are faced with a data breach, it is likely that you are also experiencing some sort of financial loss. This is especially the case if you have had to take time off work to resolve the issue, or have had to seek legal advice, which can be costly and time-consuming.
5. Mental Health Impact
The worry that follows a medical breach can be stressful enough for a person, even if nothing does come from the breach. Certainly, if the victim has a vast medical history that they would rather not disclose to anybody apart from medical professionals, then the sheer thought of exposure can be distressing for them.
However, if you are faced with a medical breach that has caused financial problems for you due to hackers stealing your identity or money, then this could create even more of an impact on your mental health.
For example, a recent NHS medical data breach led to a person’s HIV status being revealed. This is something that is understandably private to a person and not necessarily something that they wish to share with everyone.

What Causes Medical Records Data Breaches?
The number of medical data breaches that occur in the health sector is small compared to the sheer volume of patients who visit their GP and hospital each day. Yet, they do still happen and, on average, the number of data breaches reported is higher than in other sectors.
Information Commissioner’s Office (ICO) records from 2017 to 2018 show that a total of 1,214 breaches were reported from the health sector. Those reported by the ICO in 2017-2018 happened for the following reasons:
- Data posted or faxed to the incorrect recipient – 225 incidents
- Loss or theft of data – 183 incidents
- Data emailed to the incorrect recipient – 162 incidents
- Data left inappropriately – 97 incidents
- Failure to censor data – 62 incidents
- Failure to use bcc when emailing – 35 incidents
- Loss or theft of an unencrypted device – 32 incidents
- Principle 1 breach (Lawfulness, fairness, and transparency) – 30 incidents
- Inappropriate dismissal of data – 23 incidents
- Verbal disclosure – 19 incidents
These statistics show a recurring theme: breaches are largely caused by human error. They are also down to the failure to implement processes that have been put in place specifically for GDPR and to prevent such incidents from occurring.
It suggests that those who are transferring data or directly contacting patients regarding their health need to be more aware of who they are sending sensitive details to. This way, they can prevent medical data breaches from happening. By not being conscious of their mistakes, they are putting their patients at risk and damaging the reputation of the NHS or the medical business that they work for.

A Medical Data Breach Can Cause Significant Consequences
Not only can a medical record data breach be bad for you, but it can also be extremely damaging for others involved, such as the NHS in the UK or private medical businesses. An example of this came in 2019, when The American Collection Agency (AMCA) was hacked for eight months, resulting in a large data breach that caused their parent company to file for bankruptcy.
Other medical data breaches that happened in the UK have caused the NHS to be faced with large claims because of the impact on the victims, both financially and mentally. In September 2020, personal information, including initials, date of birth, gender and geographic area of 18,000 people who had tested positive for COVID-19, was uploaded onto a public server.
Clearly, there’s still a lot that needs to be done to protect our personal data. If you have been contacted about a medical data breach in which your records have been leaked, we would recommend immediately seeking legal advice from a professional solicitor, who will be able to assist you.
Photo credits: National Cancer Institute, Nik Shuliahin, Scott Graham