It is widely recognised that the NHS stores our personal information. This data ranges from medication, allergies, test results, and health conditions, to past and future referrals and appointments. This is stored electronically in order for the appropriate treatment to be administered when we require it. This is private, confidential, and sensitive information that should not be divulged without the prior consent of the patient. Whilst the NHS requires this type of information to be able to protect and promote the interests of both patients and the public, this can also lead to our privacy being invaded thanks to data breaches.
What is a Data Breach?
A data breach is an incident where data is seen by an unauthorised individual or group, compromising the private nature of the information. When looking at businesses or organisations, this can be personal information from a client or customer, or internal data such as sales figures or expense sheets.
UK NHS Foundation Data Breaches
We set out to see where the largest number of data breaches were experienced in the UK, within each local NHS foundation trust. We understand that large organisations such as the NHS undertake extensive security training and follow preventative measures such as abiding by GDPR rules. But, despite this, breaches still occur, and your sensitive medical information can be compromised. Therefore, we sent out Freedom of Information requests (FOI) to 229 NHS foundations across the UK, to question them on their data breaches over the last five financial years. Of those contacted, 152 responded. We focused on the NHS foundations that have experienced the largest number of data breaches of their patient’s private information due to human error. Our analysis also revealed the NHS foundations that have managed to minimise data breaches due to human error, and which places in the UK have seen the most improvement over the last five years.
Which NHS Foundation Trusts Experienced the Largest Number of Breaches?
The FOI results highlighted University Hospitals of Leicester NHS Trust as the UK’s NHS foundation that experienced the most human error-related data breaches. Since 2016, the NHS has recorded 8666 data breaches, with the years 2019 to 2020 experiencing the most, namely a total of 1999 breaches.
UK NHS Foundations with the Most Data Breaches 2016 – 2021
Our FOI request revealed that Nottinghamshire Healthcare is the second-worst NHS Foundation Trust in the UK when it comes to experiencing data breaches caused by human error, recording 3388 breaches overall. The worst year for Nottinghamshire Healthcare NHS foundation for experiencing data breaches was 2018 to 2019. In the period from 2017 to 2018, they experienced the lowest number: 626 data breaches. Sussex Community and Dorset Healthcare University NHS Foundation Trusts were third and fourth. Our FOI results revealed they experienced 3310 and 3017 data breaches respectively. Sussex Community NHS Foundation Trust experienced the majority of its data breaches between 2020 to 2021, recording 786. Dorset Healthcare University NHS Foundation Trust also recorded the most breaches between 2020 to 2021 at 672. Of course, whilst not every NHS foundation recorded thousands of breaches, plenty experienced their fair share of human error, leading to private information being compromised. Despite not having any data available for the period 2016 to 2017, Royal Devon and Exeter NHS Foundation Trust experienced 2236 breaches in just three years. Cumbria Northumberland Tyne and Wear NHS Foundation Trust were placed in the “top” 15 NHS foundations that experienced the most data breaches caused by human error, with 2155 overall. Their worst period was from 2018 to 2020, recording 898 breaches altogether.
Which NHS Foundation Trusts Experienced the Lowest Number of Breaches?
However, not all NHS foundations have experienced the same large numbers of breaches relating to personal information caused by human error. Norfolk and Suffolk NHS Foundation Trust had the lowest number of data breaches of all the NHS foundations that replied with data, recording only one in total between 2016 and 2021. Following the data from Norfolk and Suffolk NHS Foundation Trust, Kent Community Health NHS Foundation Trust and Countess Of Chester Hospital NHS Foundation Trust both recorded just four data breaches since 2016. Our FOI request results also revealed that University Hospitals Sussex NHS Foundation Trust experienced a huge change in their data breaches. They recorded only 68 instances of private data being compromised in 2016 and 2017. However, this figure has increased rapidly to 441 data breaches between 2019 and 2020, which is an increase of 548%.
UK NHS Foundation Trusts with the Least Data Breaches 2016 – 2021
Out of all the NHS foundation trusts that responded, there were a total of 11 NHS foundations that recorded single-digit numbers of human error-caused data breaches.
Most Improved NHS Foundations
Thankfully, many NHS foundations across the UK have controlled human error-caused data breaches. Our FOI request results revealed that South Warwickshire NHS Foundation Trust has seen an improvement in their number of data breaches. Between 2018 to 2019, they recorded 367 instances of private data being compromised. However, this figure has steadily decreased over the following years, to 197 breaches between 2020 and 2021, a 46% decrease. Derbyshire Community Health Services NHS Foundation Trust saw a similar trend between 2016 to 2017, as they recorded 265 breaches. However, 2020 to 2021 saw just 194 breaches recorded, which is a 27% decrease. University Hospitals of North Midlands had a big decrease in recorded data breaches in comparison to other NHS foundation trusts and have even managed to reduce them over the years. During 2016 and 2017, they recorded just two breaches. In the period from 2020 to 2021, they only had one data breach. Pretty impressive during the start of the pandemic!
The Overall Data
The total number of NHS foundation breaches has steadily increased over the years, starting at 16,590 in 2016 to 2017 and reaching a total of 25,414 in 2020 to 2021. The UK’s NHS foundations saw a total of 116,381 and an average of 787 human-caused data breaches compromising private information in the last five years. So, next time you’re visiting the hospital for a routine check, or even just asking your doctor for some medical advice, be aware of who you’re sharing your data with and how it’s going to be handled.
Methodology
We submitted an FOI to all English NHS foundations and 152 NHS foundations replied. The Freedom of Information requests were sent on the 20th of August 2021. Note: This study has been edited on the 20th of January and Coventry and Warwickshire Partnership NHS Trust has been removed from the top 10 list. We apologise for any inconvenience caused.