Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

NHS Warns Staff Over Unauthorized Access to Patient Data

July 11, 2026

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

July 11, 2026

New Ransomware Exploits Malicious Driver to Remove Security Protection

July 11, 2026
Facebook X (Twitter) Instagram
Saturday, July 11
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»NHS Warns Staff Over Unauthorized Access to Patient Data
News

NHS Warns Staff Over Unauthorized Access to Patient Data

Team-CWDBy Team-CWDJuly 11, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Britain’s health service has warned staff that they could face jail time if found guilty of accessing patient data without a legitimate reason.

Head of the NHS, Jim Mackey, said inappropriate access of medical records was “wholly unacceptable, a disgraceful breach of patient trust and against the law”.

The comments came as the NHS launched a new awareness-raising campaign for staff, in conjunction with new guidance for healthcare organizations on preventing, monitoring and reporting unauthorized access.

The campaign, which urges staff to “not to let curiosity kill your career,” has been prompted by several recent high-profile cases where NHS employees were found to have done just that.

In May, 11 staff were sacked and 14 given written warnings after unlawfully accessing the records of victims of the 2023 Nottingham knife attacks. A month later a Cambridgeshire hospital launched an investigation after around 40 staff accessed the records of a seriously injured child without good reason.

Read more on healthcare data threats: Insider Cloud Data Theft Plagues Healthcare Sector.

It’s not just NHS staff that are breaking data protection laws. Last month, the Information Commissioner’s Office (ICO) issued a former healthcare worker a formal caution after they tried to access and sell the medical records of the Princess of Wales.

The incident took place at a private hospital in London.

NHS Organizations Urged to Put Technical Controls in Place

The NHS guidance on accessing data describes different types of unlawful access and clarifies that, when this happens, staff will be reported to the ICO and police for potential criminal prosecution. They also risk ending their careers in healthcare.

Additionally, the guidance explains how NHS organizations can monitor for unauthorized access and conduct regular audits. Newer electronic patient record systems can flag incidents in real time, it said.

IT teams were urged to put in place technical controls to prevent such incidents from even occurring, such as enforcing least-privilege policies, multi-factor authentication (MFA) and role-based access controls.

ICO CEO, Paul Arnold, said medical data is some of the most sensitive information a person owns.

“Having the ability to view a record is not the same as having a legitimate need to do so,” he added. “Every member of staff has a personal responsibility to respect that boundary, and every patient has a right to expect that they will. Staff who breach that trust face serious consequences: loss of employment, removal of professional accreditation and criminal prosecution.”

Graeme Stewart, head of public sector at Check Point, said the campaign was a timely reminder of the insider risks that all organizations face.

“The NHS has spent the last few years focused heavily on external threats such as ransomware, supply-chain attacks like the one that hit Synnovis, and nation-state activity, and rightly so. But this shows the same principles of zero trust and least-privilege access need to be applied internally as well as externally,” he added.

“The risk is compounded as the NHS pushes ahead with wider electronic patient record rollout and initiatives like the Federated Data Platform, which are designed to make patient data more shareable across trusts.”



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleThreat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Team-CWD
  • Website

Related Posts

News

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

July 11, 2026
News

New ‘GigaWiper’ Malware Combines Espionage & Destructive Capabilities

July 10, 2026
News

Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

July 10, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

A stealthy RAT burrowing deep into Android devices

May 26, 2026

Mobile app permissions (still) matter more than you may think

February 27, 2026

Is it OK to let your children post selfies online?

February 17, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.