Hundreds of hospital IT breaches

14 Feb 2013

Jackson Carlaw MSP

Hundreds of NHS staff have been reported for breaching IT guidelines in hospitals across the country over the past three years.

Nearly 500 staff were found sharing passwords, swearing in emails, making inappropriate Facebook comments and installing banned software on health board computers since 2010.

And the number of incidents is on the increase, with 195 noted last year, including a number which led to the sacking or resignation of staff.

The figures were obtained by the Scottish Conservatives through Freedom of Information.

The true numbers are expected to be much higher, with Scotland’s largest health board – Greater Glasgow and Clyde – failing to provide its figures, and many others saying significant numbers would have been dealt with at line manager level, meaning they were not formally recorded.

Responses received from Scotland’s health boards have revealed other offences include forwarding emails to the wrong recipient and “inappropriate use” of work computers.

Of the 481 breaches noted, 195 took place in 2012, with 170 in 2011 and 109 the year before that.

At least 15 workers have been sacked or forced to resign, while a handful of others were even given counselling as a result of the offence, though some health boards refused to detail what disciplinary action had been taken.

Scottish Conservative health spokesman and deputy leader Jackson Carlaw MSP said:

“More and more sensitive information in hospitals is being held electronically, including patient records and highly confidential data.

“As a result, we need to ensure those who have access act completely responsibly to ensure it doesn’t end up in the wrong hands.

“The fact this trend appears to be increasing is very concerning, particularly when you consider high profile incidents of data loss over recent years.

“I’m sure the vast majority of these breaches have been committed accidentally, but that makes it even more critical that the NHS IT system is secure and resilient to such gaffes.

“The NHS in Scotland is having to tighten its belt, and increasing use of IT can actually help this process.

“But as that happens, it’s equally essential the electronic systems in place are not vulnerable to attack or mistaken meltdown.”



Below is the number of IT breaches recorded by health boards since 2010.
Health board                           2010        2011     2012       Total
Ayrshire and Arran                     39             23         17           79
Borders                                           3               6           6           15
Dumfries and Galloway              –                –             –             4
Fife                                                 10             84         93         187
Forth Valley                                   3                1         12           16
Grampian                                      18             16          3           37
Greater Glasgow and Clyde        could not provide figures
Highland                                         7               5           6           18
Lanarkshire                                    8               2           3           13
Lothian                                          20              32        53         105
Orkney                                            1               1           2            4
Shetland                                         0               0           0            0
Tayside                                           –                 –            –            3
Western Isles                                 0               0           0            0
Scotland                                       109           170       195        481                   
For individual FoIs, contact the Scottish Conservative press office.