Log In
Friday 26th April 2019

Hospital fined after data theft

6th June 2012

Brighton and Sussex University Hospitals Trust has been fined £325,000 by the Information Commissioner's Office after computer hard drives were stolen from a hospital.


Data was stolen from Brighton General Hospital in September 2010 which contained confidential information about tens of thousands of patients.

The theft happened when a person who worked for the Sussex Health Informatics Service was tasked with destroying 1,000 hard drives. 

The worker then removed at least 252 hard drives from the hospital and sold them to an eBay seller.

A data recovery company who bought four of the hard drives from the eBay seller discovered the information. 

Data which related to HIV and GUM was found on hard drives sold on eBay in the winter of 2010.

According to the ICO, the information showed disability living allowance forms, children's reports, details about medical treatment and conditions, as well as staff information.

The ICO said the fine was the largest it had ever given a NHS trust. However, the trust said it did not have the money to pay the fine and would launch an appeal against the decision.

The ICO's deputy commissioner David Smith said the high fine set "an example for all organisations - both public and private - of the importance of keeping personal information secure".

The trust's chief executive, Duncan Selbie, responded: "We dispute the Information Commissioner's findings, especially that we were reckless, and a requirement for any fine." 


Share this page


There are no comments for this article, be the first to comment!

Post your comment

Only registered users can comment. Fill in your e-mail address for quick registration.

Your email address:

Your comment will be checked by a Healthcare Today moderator before it is published on the site.

M3 - For secure managed hosting over N3 or internet
© Mayden Foundation 2019