Up to 10,000 patients may have been affected after a Birmingham-based private health company called Diagnostic Health saved unencrypted NHS patient details onto Google Drive, with all staff members accessing them through a single shared password. The NHS used Diagnostic Health to refer patients for ultrasound scans.
GP referrals were emailed directly to staff inboxes, and because individual logins were not provided, there was no audit trail showing which individual had accessed the system. Not only were details stored unsafely, but staff also had no control over deleting personal data from ex-colleagues' laptops, and a laptop containing patient records went missing from the home of a member of staff, an incident the ICO was never informed of.
After being investigated by the Information Commissioner's Office (ICO), Diagnostic Health voluntarily suspended its NHS service in order to complete an action plan to work towards improved storage procedures. The firm has since resumed its services to the NHS, but at what cost? Privacy and confidentiality are important to all patients, so patients may be wary of returning when their personal records have already been placed in jeopardy once.