GP's sending sensitive patient data via free email service

GP's sending sensitive patient data via free email service

They wouldn't would they?

Yes they would. A GP practice in County Armagh is "taking action to improve the way it looks after patients’ information following a breach of the Data Protection Act investigated by the Information Commissioner’s Office."

From the ICO website..

"The breach was caused when a free web-based email account, used by the Burnett Practice to inform patients of upcoming smear tests appointments, was hacked. The Portadown practice only became aware of the problem in October last year when patients reported receiving strange emails claiming to be from a doctor at the surgery asking them to provide their bank account details"

Sorry for the blatant plug, but the Cryptshare secure email product we resell would have ensured this could not happen for a tiny fraction of the practice's IT budget.

The law requires data controllers 'take reasonable measure, having due regard to the state of technological development'.. That doesn't mean seeing how many free email products have made it on the market, it means completing a PIA, identifying the data sharing as a threat vector, and putting a secure solution in place!