Northern Ireland

Investigation launched into data breach affecting multiple GP practices

The PSNI have confirmed they have launched an investigation into a theft at a practice which took place on 20 June

The changes mean that, from next month, women aged 25 to 49 in England who are negative for human papillomavirus (HPV) will receive screening invites every five years
The PSNI have confirmed they have launched an investigation into a theft at a practice which took place on 20 June (Anthony Devlin/PA)
By Conor Coyle

An investigation has been launched into a potential data breach at several GP surgeries in Northern Ireland after a theft at a practice in Co Antrim.

Personal details such as the names, addresses and phone numbers of patients at the practices are understood to have been at the centre of the data breach, which the Department of Health has said relates to “missing disks”.

The PSNI have confirmed they have launched an investigation into a theft at a practice which took place on June 20.

Details have not been provided as to how many practices and patients may be affected by the breach, but a spokesperson for the department says it relates to a “small number of GP practices”.

The spokesperson said: “The Department of Health is aware of an ongoing PSNI investigation relating to missing disks which in some instances contained personal information from a small number of GP Practices. The GP practices potentially impacted are aware and engaging with appropriate bodies.

“We cannot comment further on this due to the ongoing investigation.”

The PSNI says officers are continuing to investigate the theft from three months ago, but it’s understood patients were only informed of the potential data breach in the last week.

“We regret to inform you that our practice has been affected by a potential data breach,” one letter to patients states.

“Your personal details may have been among the data involved.”

The letter goes on to say that the breach “was a result of actions of a Capita employee who was updating hardware on behalf of the Department of Health and did not follow correct procedure”.

“This was out of our control and has been referred to the Information Commissioner’s Office (ICO).”

Capita provides outsourcing contracts for several Stormont departments in many areas, including IT services. The company has been approached for comment.

Colin McGrath, SDLP MLA and the party’s health spokesperson, described the breach of patient data as “unacceptable”.

“People will be shocked that their personal medical details may have been lost,” Mr McGrath said.

“Accountability cannot be outsourced - the department must explain how this breach happened and what safeguards are now in place.

“People deserve answers and reassurance. I have written to the Department to find out what has happened and for an assessment of the impact.”