1 In 5 Data Breaches In 2023 Were In The Health Sector, New Data Reveals

New findings by data breach experts reveal ongoing compliance challenges within the health sector, highlighting the continual need for businesses to train their staff on basic data handling practices.

Since 2019, the ICO has been tracking reported data breaches. Taking a deep dive into the data, leading UK data breach solicitors, Hayes Connor, highlights which sectors experienced the most data breaches last year and beyond.

The health sector is a frequent violator, coming in 1st place for data breaches in 2023. Overall, the top 10 offenders, and the percentage of total incidents each sector was responsible for in the last year, were as follows:

  1. Health                               17.42%
  2. Education and childcare              14.44%
  3. Finance, insurance and credit        10.93%
  4. Local government                     9.90%
  5. Retail and manufacture               9.76%
  6. Legal                                7.31%
  7. Charitable and voluntary             6.63%
  8. Land or property services            4.31%
  9. Transport and leisure                3.58%
  10. Online Technology and Telecoms      2.92%

Hayes Connor’s study found that the health sector made up around 1 in 5 reported data breach cases last year. On average across the 5-year span, the health sector remains at the top of the list year on year, at almost 1 in 5 cases from 2019 to 2023.

The education and childcare sector came in 2nd place last year, making up almost 1 in 7 cases. The finance, insurance and credit sector came 3rd, making up over 1 in 10 cases.

Hayes Connor also analysed the types of data that had been breached within each sector. The research found that, in 2023, basic personal identifiable data was the most common type of data being breached within health sector data breaches. In fact, this made up 73.21% of data breaches. The second highest form of data breaches involved health data, at 61.66%.

Concerningly, almost 1 in 5 of total data breaches in 2023 involved children’s data. This is particularly sensitive due to the fact children are less aware of the safeguards, consequences, and risks regarding personal data processing.

In the health sector last year, 142 cases involved children’s data, making up 7.36% of health incidents.

The findings also showed the different incident types behind the data breaches. The number one reason behind data breaches within the health sector was through unauthorised access, which made up 18.70% of the health data breach cases in 2023.

Data emailed to the wrong recipient showed up as the second most common incident type for this sector, at 16.22%. This demonstrates how human error plays a huge role in many data breach cases in the UK, and thus the importance of internal business training.

It is important to bear in mind that part of the 2018 GDPR regulations requires businesses to report a data breach within 72 hours. Failure to notify a breach when required to do so can result in a significant fine of up to £18m, or 4 per cent of your global turnover.

Concerningly, in the health sector, 43.88% of data breaches are taking over 72 hours to report. This is leaving the sector vulnerable to large fines.

Richard Forest, Legal Director at Hayes Connor, says, “Another year, another representation of how many organisations across all sectors are still failing to implement effective security protocols, leaving personal data vulnerable to breaches which have significant legal and financial repercussions for the entities involved.

“Despite regulatory advancements, and the introduction of stricter compliance mechanisms, the rate of data breaches remains a serious concern. The recent ICO trends portray a continuous need for vigilance and updated compliance strategies from businesses, especially in how they manage and protect personal data against emerging cyber threats and human error.”