26 April 2013

A GP practice, Burnett, in County Armagh has been using a free web-based email account to inform patients of upcoming appointments and results.  In october 2012 patients reported receiving odd emails asking for their bank details.

A breach had occurred when the email account had been hacked and about 175 patients email addresses and names were compromised.  Fortunately, on this occasion, no sensitive information was accessed.

The practice is taking action to improve the securing of patients information following the breach investigated by the ICO. Action includes, improving security around email and training of staff.

A statement by the ICO Assistant Commissioner of Northern Island makes known that using free email accounts within the health service is not acceptable. The health service has access to secure email accounts to avoid placing patient information at risk.

Luckily, the practice has avoided a substantial fine, as sensitive information was not put at risk on this occasion.