Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Irish Mirror
Irish Mirror
National
Ken Foxe

More than 2,000 HSE data breaches in 2021 including Covid-19 vaccination certificates being sent to the wrong people

The HSE reported more than 2,000 data breaches last year including almost 1,050 where Covid-19 vaccination certificates were sent to the wrong person.

Other incidents notified by the health services included the discovery of patient lists outside a public premises in Donegal and on the grounds of a hospital in Galway.

In June, a breach was reported where a third party had accessed data related to Covid-19 testing in “an unauthorised manner”.

Read More: Covid-19 vaccines involved in seven out of 10 reports of adverse reactions to human medicines in Ireland in 2021

There were also dozens of cases where appointment letters were sent to the wrong person or to the wrong address or email account, according to records released under FOI.

Missing files were also reported on numerous occasions as was one case where a car was broken into and an “appointment book disturbed”.

In Galway, old patient medical charts were accessed by a third party who had entered a derelict property in the county.

Another case involving a disability service in Co Clare saw the personal information of a service user shared with their ex-partner.

In Limerick, a patient chart was located by a member of the public in June while in one breach, the incorrect results of interview ratings in a job competition were disclosed to third parties.

There were also deliberate breaches reported including one in the west of the country where an employee “intentionally accessed [the] medical records of [a] colleague”.

Another case in Donegal saw a former staff member accessing patient data while in Munster, a staff member was thought to have used a personal email address for work during the cyberattack that crippled HSE networks.

A breach was also logged in a gynaecological clinic in Co Mayo where private medical details of a person were “overheard by another patient”.

In child and adolescent mental health services, twelve files were reported missing or lost with the date of their disappearance “unknown”.

Two encrypted laptops belonging to Cork University Maternity Hospital were reported stolen last December, according to the HSE log.

In Waterford, pregnancy information about a staff member was sent to a colleague in error last June while in neighbouring Wexford last February, an employee was reported for viewing the personal information of other staff without consent.

A breach was logged in Tipperary where a file was left in a client’s house inadvertently before being retrieved a short time later.

A similar incident was also reported in Leinster with a document left behind after a person was given treatment in their home.

In Dublin, files from a speech and language therapy service were “found in [a] park” but later handed into a health centre after being discovered.

The Central Mental Hospital reported an incident last April where several documents were located “which related to other data subjects”.

Information relating to an investigation into primary care services was also part of a breach, according to the log, with data inappropriately shared.

The HSE also reported the inadvertent release of a report under FOI, saying a “sheet with [a] list” containing personal information was later retrieved.

Three incidents where documents were mislaid as a healthcare worker removed PPE [personal protective equipment] were reported last January and July, all in the Midlands.

A breach was reported where an image was taken of a patient in the A&E of a Dublin hospital and “further processed”.

The hacking of the IT system of a subcontractor was also logged last February, with contact details for 1,119 service users compromised.

Listed on the HSE log as well was one case where a staff member posted a letter on social media that contained the name of another HSE employee.

Two cases were also reported where confidential records ended up being put in general waste disposal.

READ NEXT:

Get breaking news to your inbox by signing up to our newsletter

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.