Security Don`ts: Patient Data Faxed to the Wrong Number for Months

The Information Commissioner`s Office slapped a London Community Healthcare trust with a £90,000 fine after it was found guilty of faxing confidential patient`s data to the wrong number for months.

The breach was discovered in March when patient lists from the Pembridge Palliative Care Unit, intended for St John`s Hospice, were faxed to the wrong number. The process went on for three months, in which 45 faxes revealing sensitive personal information from 59 individuals have been disclosed to an unauthorized party.

The receiver claims to have shredded all the incoming documents upon arrival once their importance has been evaluated, so that he can protect the privacy of the listed individuals.

While no actual harm came from this inadvertent data exposure, Stephen Eckersley, ICO`s Head of Enforcement, said this data was sent to the wrong people for three months without anyone noticing it.

The investigation conducted by Information Commissioner`s Office revealed that the trust lacked proper measures for ensuring that sensitive data information was sent to the right recipient and that the members of the staff lacked the proper training in using adequate data protection measures.

Serving as a fine example that cyber-attacks are not the only cause for data breaches, this should raise awareness that proper staff training is also required when dealing with sensitive information that`s broadcasted via all types of communication channels.