Plymouth Hospital Admits Data Breach Affecting 1,291 Patients
University Hospitals Plymouth (UHP) NHS Trust has confirmed a significant data breach, affecting 1,291 patients whose email addresses were accidentally shared in November 2023. The incident, described by Deputy Chief Executive Jo Beer as a “genuine human error,” involved a spreadsheet containing patient email addresses from a “digital patient passport” research trial being inadvertently sent to 21 internal staff members, some of whom were not authorized to view the sensitive data.

The breach poses a potential risk to the affected individuals, as their email addresses could be exploited for phishing attacks. UHP has acted swiftly, unreservedly apologizing to those impacted and reporting the incident to the Information Commissioner’s Office (ICO). Furthermore, the trust has directly contacted all affected patients to inform them of the breach, offer support, and advise them to remain vigilant against suspicious emails. This proactive communication aims to mitigate further harm and reassure the community.
This incident has significant local impact, undermining trust in a crucial local healthcare provider and highlighting the ongoing challenges of data security within the NHS. For the residents of Plymouth, particularly those who participate in research aimed at improving local health services, this breach is a concerning setback. UHP has stated it is implementing additional measures to prevent a recurrence, emphasizing its commitment to patient privacy and data protection, vital for maintaining community confidence in local healthcare initiatives.
(Source: https://www.bbc.com/news/articles/c9dx2ve85zwo?at_medium=RSS&at_campaign=rss)

