Heimdal
Home > Cybersecurity News

Staff at NHS Lanarkshire Exposed Patient`s Data on Unauthorized WhatsApp Group

The Team Used the Group for Communication During Covid Restrictions.

Last updated on August 2, 2023

article featured image

Contents:

The Information Commissioner’s Office (ICO) revealed that 26 staff members of NHS Lanarkshire shared patients` information on a WhatsApp group. The group didn`t have the organization`s approval for processing data about the NHS patients.

The team got access to the social media platform to facilitate communication during the pandemic. BBC wrote that according to NHS Lanarkshire, they were supposed to use it for basic information only. The organization reported the incident to ICO, UK’s data protection regulator, as soon as they discovered it.

We recognise that the team took this approach as a substitute for communications that would have normally taken place in either a clinical or office setting, but was not possible at that time due to Covid restrictions.

However, the use of WhatsApp was never intended for processing patient data.

Trudi Marshall, health board’s director of nursing

The Risk Assessment

The team was supposed to use the WhatsApp group created in April 2020 for administrative purposes and crisis planning only. However, the discussions drifted. The NHS employees used WhatsApp to share sensitive data about their patients, such as:

  • full names,
  • phone numbers and addresses,
  • images and videos,
  • clinical information.

Compliance Matters

Although the staff did not misuse or acted unprofessionally with the data, exposing it on a social media platform could put the patients` privacy at risk.

Information Commissioner John Edwards recommends organizations consider a risk assessment before allowing communication on such platforms. ICO admonished NHS Lanarkshire for not enforcing appropriate policies, clear guidance, and processes in this case.

Additionally, if healthcare employees use random communication platforms to share documents and discuss patients` data, there is one more risk. The staff might overlook information that is important for the patient’s medical records.

For the moment, no harm seems to have been done. Authorities decided not to fine the health board since it is clear that NHS Lanarkshire experienced huge pressure during the pandemic.

Free Cybersecurity Support for NHS Trusts

It`s worth knowing that Heimdal ® decided to offer professional cybersecurity support to NHS trusts.

The company has made an announcement to provide free ransomware protection licenses to NHS trusts until August 31st, 2023. This offer will help the trusts to stay compliant with both legal and industry regulations while also benefiting from two years of free ransomware protection.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

Related Articles

In Response to Widespread Attacks Heimdal Offers Free Ransomware Protection to NHS Trusts487 Million WhatsApp Users Mobile Numbers for Sale on Hacking ForumUK NHS Hit with Ransomware AttackHeimdal® Successfully Completes SOC 2 Type II and ISAE 3000 Examination, Indicating Strict Security Standards ComplianceA Step-by-Step Guide to Cybersecurity Risk Assessment

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V