In this day and age, we’re all well aware that organisations hold a large amount of our personal data. While we’re mostly accepting of this fact, that’s only because we trust these same organisations to keep our data secure and out of the hands of cybercriminals and fraudsters.
Unfortunately, that doesn’t always happen. Data breaches take place every day, in both Pakistan and the UK, as human error or security flaws result in sensitive data being exposed. What happens to said data will largely depend on the nature of the breach, but it goes without saying that no one wants to see their private information out in the open.
Medical records are particularly sensitive for many people, which is why a breach of medical data is treated incredibly seriously, no matter what an individual country’s data breach laws look like.
In this article, we discuss how the Covid-19 pandemic has affected the healthcare industry, bringing in various data breach examples to illustrate the importance of safeguarding your data.
How Does a Healthcare Data Breach Occur?
There are a number of ways in which a healthcare data breach might occur in both the UK and Pakistan, and the same explanations hold across various other industries. In 2020, Verizon published a Data Breach Investigations Report, which revealed the six most common ways organisations can fall victim to a data breach.
A physical incident may involve something as simple as the theft of paperwork, or a device such as a laptop or mobile. Simply misplacing a physical patient record could lead to a significant data breach.
A breach may occur where a member of staff misuses information they’ve been given access to, which may happen when an organisation fails to set up appropriate access controls.
Malware is a catch-all term for any type of malicious software which is designed to exploit a programmable device, service or network. A healthcare provider may unintentionally install malware by opening an email attachment or clicking a false advertisement.
Many data breaches are the result of social engineering techniques, such as phishing. One of the most common examples is where a fraudster poses as a legitimate source in an attempt to extract private data, before committing fraud, selling the data on, or holding it ransom.
Data breaches aren’t always the result of someone acting maliciously – they can also be an honest mistake made by an employee. An obvious example of human error leading to a data breach would be if an employee sends an email to multiple recipients but makes the mailing list public.
Criminal hacking is likely to be the first thing you think about when the topic of data breaches is brought up. If a healthcare provider has weak security in place, it will be an immediate target for hackers who will use their specific expertise to steal personal information.
Why Did Covid-19 Affect Healthcare Data Breaches?
Covid-19 had a profound societal impact beyond the immediate threat to our physical health. Everyone was suddenly forced to practise social distancing and work from home where possible, which resulted in a number of unique data security threats, both in the UK and Pakistan.
While hospitals in the UK and Pakistan were running well beyond capacity, plenty of staff, such as those in administrative roles, began to work remotely.
Statistics have indicated that data protection guidelines were not strictly followed by people who were forced to work from home for the first time. In fact, many workers have suggested that they received no data protection guidelines at all, nor did they receive any specific training for handling data.
This meant that data breaches were practically an inevitability – including in the healthcare sectors of the UK and Pakistan.
Examples of Recent Healthcare Data Breaches
NHS Trust Accidentally Uploads Personal Information of 18,000 Patients
In September 2020, a UK National Health Service (NHS) Trust revealed that it had mistakenly uploaded the personal information of over 18,000 members of the public who had previously tested positive for Covid-19.
The breach, which was caused by human error, exposed the initials, date of birth, geographical area and sex of 16,179 individuals. For the remaining 1,926 victims, the data breach may have exposed the fact that they shared a zip code with a nursing home.
An external investigation was swiftly carried out into the circumstances and what lessons could be learned to prevent the issue from being repeated.
Vaccine Booking Website Exposes Medical Details
The Covid-19 vaccination process got underway in the UK very quickly, meaning that there were always likely to be flaws in the general process. However, this did not excuse a catastrophic data breach that leaked confidential medical information on a Covid vaccination booking website.
NHS Digital’s website allowed users to book a vaccination using basic identity information but, in the process, users’ vaccination status was disclosed. This meant that it was possible for anyone who possessed the personal details of a friend, family member, colleague or stranger to find out information that should be confidential.
“This is a seriously shocking failure to protect patients’ medical confidentiality at a time when it could not be more important,” said Silkie Carlo, the director of privacy group Big Brother Watch.
“This online system has left the population’s Covid vaccine statuses exposed to absolutely anyone to pry into. Date of birth and postcode are fields of data that can be easily found or bought, even on the electoral roll.”
Have You Ever Been the Victim of a Healthcare Data Breach?
In this post, we’ve discussed how and why healthcare data breaches have been affected by Covid-19. With the world having been changed permanently by the pandemic, the number of healthcare data breaches may continue to rise over the coming years. As a result, it’s up to healthcare providers to take their data protection responsibilities seriously.
Have you been a victim of a data breach following Covid-19? If so, feel free to share your experiences in the comments below!