Citizens put great trust into health systems, and this includes the UK National Health Service (NHS). This is not only over patient care, but also for protecting privacy and keeping confidential medical records and our general data private. This is an ever-present matter of global concern.
Sometimes things go wrong, either with the processing of records and data breach related matters or from cyberattacks. In such circumstances, but what happens when data is exposed?
To explore this further, the company VPNOverview.com sent out Freedom of Information requests to 229 NHS foundations across the UK, to question them on their data breaches over the last five years, of those contacted, 152 responded. The company reviewed the findings and issued a report.
The data pattern reveals the NHS foundations that have had the most and least data breaches and which NHS foundations experienced the biggest improvements in their number of data breaches.
In terms of trending, the total number of NHS foundation breaches has increased steadily over the last five years starting at 16,590 in 2016 to 2017 and increasing to 27,327 in 2020 to 2021, which is a 65 percent increase.
Of the total of 118,970 NHS data breaches between 2016 and 2021 in the UK, the average number of patients impacted was 787 people.
In terms of where the highest number of data breaches occurred, the report revealed that University Hospitals of Leicester NHS Trust had the highest number of human error-related data breaches in the UK. The UK’s NHS foundations with the most human error-related data breaches were (trust and number of data breaches):
| NHS Foundation | Total Data Breaches |
| University Hospitals Of Leicester NHS Trust | 8666 |
| Nottinghamshire Healthcare NHS Foundation Trust | 3388 |
| Sussex Community NHS Foundation Trust | 3310 |
| Dorset Healthcare University NHS Foundation Trust | 3017 |
| Southern Health NHS Foundation Trust | 2717 |
| Royal Devon and Exeter NHS Foundation Trust | 2523 |
| South Western Ambulance Service NHS Foundation Trust | 2458 |
| Devon Partnership NHS Trust | 2441 |
| Cumbria Northumberland Tyne and Wear NHS Foundation Trust | 2155 |
| University Hospitals Bristol and Weston NHS Foundation Trust | 1800 |
At the other end of the spectrum, the Norfolk and Suffolk NHS Foundation Trust had the least number of data breaches of all the NHS foundations that replied, recording only 1 data breach between 2016 and 2021.
The UK’s NHS foundations with the least number of human error-related data breaches were (trust and number of data breaches):
- Norfolk and Suffolk NHS Foundation Trust- 1
- Countess Of Chester Hospital NHS Foundation Trust- 4
- Kent Community Health NHS Foundation Trust- 4
- Cheshire and Wirral Partnership NHS Foundation Trust- 5
- South Tyneside And Sunderland NHS Foundation Trust- 5
- Hounslow and Richmond Community Healthcare NHS Trust- 6
- Liverpool University Hospitals NHS Foundation Trust- 6
- Tavistock and Portman NHS Foundation Trust- 7
- The Royal Marsden NHS Foundation Trust- 7
- University Hospitals of North Midlands- 8
The data patterns between the two lists reveal the gulf between different trusts when it comes to information technology success.
With significant shifts, the data reveals that South Warwickshire NHS Foundation Trust has experienced the biggest improvement in their number of data breaches. Between 2018 to 2019, the trust had 367 data breaches. However, this figure decreased by 46 percent, to 197 breaches between 2020 and 2021.
Overall, while some of the incidences are low, the risk that many health organizations are under remains a matter of concern.
