Thousands of hospital workers affected as personal details emailed to private addresses

Data breach
Data breach

The chief executive of West Herts’ three hospitals has apologised on behalf of the Trust for another failing – this time relating to a series of staff data breaches.

Samantha Jones wrote to staff at Hemel Hempstead, Watford and St Albans hospitals earlier this month to let them know of three information governance breaches, which were self-reported to the Information Commissioner’s Office.

Ms Jones said: “On two separate occasions, two members of staff sent staff data to their personal email address so that they could work on it whilst out of the office.

“This is against Trust policy and the staff members will be subject to appropriate disciplinary procedures.

“In addition, on a third occasion, staff data was accidentally sent to a staff member at another NHS trust.

“I can confirm that the data has been deleted from all three email accounts to which it was sent, which means the risk for our staff is minimal.”

The breach did not relate to patient data and an investigation will be launched.

The Trust has also taken some immediate steps to help prevent the error happening again, including introducing an automatic IT block on similar emails being sent, reminding staff of our email security protocols and providing additional training and education for staff around the handling of personal identifiable information.

Ms Jones continued: “I have apologised on behalf of the Trust Board to our staff and we have established an information line for those who may have questions.

“We also advised them that although the emails have been deleted and the risk to their personal data security is minimal, they should remain vigilant and report any irregular activity.”

The type of data which was leaked included information such as name, date of birth, national insurance (NI) number, address, salary, professional registration and, if supplied by the staff member, sexuality and religion:

In total, more than 4,000 staff were affected across the three breaches.

Also this month, the Trust’s chief executive has apologised to a mother whose delayed cancer diagnosis caused her illness to become terminal.

The data breach follows a similar failing by Herts Police who leaked details about those connected to anti-social behaviour crimes on a localised section of a government website.