NHS cybersecurity and the rights for data breach victims

When we look at important topics such as NHS cybersecurity, we usually approach it from the perspective of the victims, given that we’re data breach compensation lawyers.

GDPR ensures that there’s an important duty on all organisations – including the NHS – to take steps to protect the data that they store and process. Their duties are clear, and the punishments that can be issued by the ICO (Information Commissioner’s Office) are also clear, and they can be substantial.

But what about the victims? What can they do when it’s their data that has been exposed or misused? What are their rights?

Claiming for an NHS cybersecurity incident

The law does allow victims of an NHS cybersecurity to be able to make a claim for data breach compensation.

The law doesn’t automatically entitle people to receive damages, and it’s something that a victim will normally need to take action to receive. By this, we mean instructing a data breach compensation law firm and asking them to represent you for a legal case.

What we do is then assess the potential for a case and decide whether it’s something we can hep you with. We’ll normally look at things such as:

• Whether the breach was preventable;
• How much of your personal data has been exposed or misused, and to whom;
• The impact on you.

This is normally enough for us to be able to make an informed decision in terms of taking an NHS data breach compensation claim forward.

The difference between fines and compensation

GDPR has paved the way for substantial fines to be issued to data breach offenders, but what about compensation claims?

An NHS cybersecurity may lead to a fine being imposed by the ICO, but the question of compensation is a separate matter. Money from fines isn’t designed to be used for compensation, and so victims usually need to instruct their own lawyer like us to be able to make a claim.

If we think that there’s a case to answer, we can then represent you for a compensation case on a No Win, No Fee basis.

Ongoing concerns

The issue over NHS cybersecurity is an ongoing concern. A large number of the claims for compensation that we take forward involve medical data breaches.

The 2017 WannaCry incident is still fresh in our minds and showed the damage that can be done when older and outdated systems are broken into.

It can be a matter of life and death. When a cybersecurity incident takes place, systems can be shut down, and whole departments may be unable to function efficiently, or at all. If a medial emergency case is caught up in a cybersecurity incident, a patient could suffer. Some patients could even lose their lives.

And that’s why the question of cybersecurity when it comes to the healthcare sector can never be understated.