Breach
2019
UK: Former NHS secretary found guilty of illegally accessing medical records

Incident Details

A former employee of the NHS has been fined for illegally accessing the medical records of more than 150 individuals. Loretta Alborghetti, residing in Redditch, was employed as a medical secretary in the Ophthalmology department at Worcestershire Acute Hospitals NHS Trust when she inappropriately obtained access to the records.

A patient lodged a complaint in June 2019 after suspecting that their records had been accessed without authorization. Subsequent investigations revealed that Ms. Alborghetti had viewed this patient's records on 33 occasions between March and June 2019 without consent or legitimate reason. It was also discovered that she had accessed a total of 156 patient records without authorization or legitimate cause, viewing them over 1800 times during the three-month period. These records included those of individuals living in the same area as her and family members. While part of her duties as a medical secretary involved accessing patient information in the ophthalmology department, the individuals whose records she accessed did not have ophthalmology-related medical conditions.

Ms. Alborghetti appeared in court and pled guilty to unlawfully obtaining personal data in violation of Section 170 of the Data Protection Act 2018, following an investigation by the Information Commissioner's Office. She was fined a total of £648.

It is crucial for individuals to trust that their sensitive data, such as medical records, is secure and handled responsibly. Accessing personal information without a legitimate reason is a breach of data protection laws, as highlighted by this case, reinforcing the importance of respecting individuals' privacy.

Incident

How Did the Breach Happen?

Loretta Alborghetti, a former NHS secretary, breached protocols by inappropriately viewing medical records on 156 occasions. These records included those of both family members and residents with nearby postcodes.

What Data has been Compromised?

Over 150 individuals' medical information was breached. Loretta Alborghetti unlawfully viewed patient records more than 1800 times in a span of three months without permission or a legitimate reason.

Why Did the company's Security Measures Fail?

Security measures within the NHS Trust failed to prevent the breach. As a medical secretary, Loretta Alborghetti was authorized to view patient information. However, the security protocols did not stop her from accessing records beyond those relevant to her position in the Ophthalmology department.

What Immediate Impact Did the Breach Have on the company?

Following the breach, the company faced immediate repercussions when a patient filed a complaint upon discovering their medical information had been viewed without permission. Further examination revealed the full scope of Loretta Alborghetti's unauthorized handling of patient records.

How could this have been prevented?

To avoid such security breaches, the company could have enforced more stringent access restrictions and systematic auditing measures. Consistently monitoring employees' access to confidential information could have identified and stopped the unauthorized access at an earlier stage.
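One way to implement such an audit is to check every record view against the viewer's care relationship with the patient and queue the mismatches for review. This is an added example, not part of the original write-up or the Trust's systems; the log layout, the `CARE_TEAMS` and `STAFF_DEPT` tables, the function names and the repeat threshold are all assumptions, and the data is constructed.

```python
from collections import Counter, defaultdict

# Constructed sample data (not from the incident): departments with an open
# episode of care per patient, each staff member's department, and audit
# events recorded as (user, patient, timestamp) for every record view.
CARE_TEAMS = {"P001": {"ophthalmology"}, "P002": {"cardiology"},
              "P003": {"oncology"}, "P004": {"ophthalmology", "cardiology"}}
STAFF_DEPT = {"sec_a": "ophthalmology", "sec_b": "ophthalmology"}
AUDIT_LOG = (
    [("sec_a", "P001", "2019-03-04T09:12")]
    + [("sec_b", "P002", f"2019-03-{d:02d}T13:05") for d in range(1, 13)]
    + [("sec_b", "P003", "2019-04-02T16:40"), ("sec_b", "P004", "2019-04-03T10:00")]
)

def unjustified_views(log, care_teams, staff_dept):
    """Return {user: Counter(patient -> views)} for views where the user's
    department has no care relationship with the patient."""
    hits = defaultdict(Counter)
    for user, patient, _ts in log:
        dept = staff_dept.get(user)
        # Unknown users and unknown patients are treated as unjustified.
        if dept is None or dept not in care_teams.get(patient, set()):
            hits[user][patient] += 1
    return hits

def review_queue(log, care_teams, staff_dept, repeat_threshold=5):
    """Summarise unjustified views per user, highest volume first, and mark
    users who viewed one unrelated patient repeat_threshold times or more."""
    queue = []
    for user, per_patient in unjustified_views(log, care_teams, staff_dept).items():
        patient, views = per_patient.most_common(1)[0]
        queue.append({
            "user": user,
            "patients": len(per_patient),
            "views": sum(per_patient.values()),
            "most_viewed": patient,
            "repeat_alert": views >= repeat_threshold,
        })
    return sorted(queue, key=lambda r: r["views"], reverse=True)

if __name__ == "__main__":
    for row in review_queue(AUDIT_LOG, CARE_TEAMS, STAFF_DEPT):
        print(row)
```

Run on a schedule, a report like this surfaces repeated views of an unrelated patient without waiting for a patient complaint; a real deployment would also need to account for legitimate cross-department access.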

What have we learned from this data breach?

This breach highlights the critical need for organizations to focus on securing data and putting in place strong safeguards to protect sensitive information. It underscores the significance of enforcing strict access protocols, consistently monitoring systems, and educating employees on data protection regulations.

Summary of Coverage

Loretta Alborghetti, a former employee of the NHS, was convicted of unlawfully viewing the medical records of more than 150 individuals. She violated privacy regulations by checking patient records without proper authorization or a valid reason, looking at them on 1800 occasions in a span of three months. This incident underscored the urgency for enhanced security protocols, more stringent access restrictions, and increased understanding among staff regarding data privacy regulations.
