InfoSec 2011: DPA breached after NHS security fail
The ICO raises concerns organisations are getting the basics wrong after an NHS Trust breaches the Data Protection Act.


Another NHS body has breached the Data Protection Act after a network access failure, the Information Commissioner's Office (ICO) has confirmed.
Lax IT security measures were to blame, as the NHS Birmingham East and North allowed employees to potentially access restricted sensitive data, the ICO said today.
Workers at two other nearby Trusts could have accessed the information as well.
Organisations are still getting basic data protection wrong, deputy commissioner David Smith told delegates at the InfoSecurity 2011 conference, being held in London this week.
"A lot of this is basic stuff. My key message... of course the technical side of security is important... but there is still a big message about the basics," he said.
"So many organisations are not getting the basics right."
Despite disappointment surrounding such failings, Smith said the message was at least partially getting through to UK firms.
Of all cases reported to the ICO in 2011, 45 per cent were due to loss or theft of data. This figure stood at 60 per cent last year.
More powers
The ICO also today welcomed additional powers to fine organisations for the most serious incidents of making unwanted marketing phone calls or sending unwanted marketing emails to consumers.
For such cases, the £500,000 cap remains in place, something Smith indicated the ICO would like to see bumped up, even though it has proven adequate so far.
The additional powers will form part of an amendment to the UK's Privacy and Electronic Communications Regulations (PECR), coming into force on 25 May 2011.
The changes to PECR also cover the need for websites to ask for permission before using cookies to track user behaviour.
"The ICO has been calling for increased powers to regulate breaches of PECR for some time," said information commissioner Christopher Graham.
"We will be issuing guidance to reflect the changes that are being introduced."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.