HIV patients hit by NHS Highland email privacy breach

[Destry Winant <destry () riskbasedsecurity com>]

https://www.bbc.com/news/uk-scotland-highlands-islands-48662386

The email addresses of almost 40 people who have HIV have been made
public by mistake.

It is understood the 37 patients in the Highlands were able to see
their own and the others people's addresses in an email from NHS
Highland.

The message contained an invitation to a support group run by a sexual
health clinic at Raigmore Hospital in Inverness.

NHS Highland said it "deeply" regretted the breach of confidentiality.

A spokeswoman said the health board had contacted each patient and
apologised to them.

She added: "As per normal procedure, a formal internal review is being
conducted to understand how this has happened and to consider any
steps to avoid this happening in future."

The charity HIV Scotland has described the breach as "unacceptable".

Chief executive Nathan Sparling said: "Confidentiality is of paramount
importance when it comes to people living with HIV, and the decision
to disclose their status should be theirs and theirs alone.

"People affected by this leak will be understandably distressed, and
HIV Scotland stands ready to support all those affected."

Mr Sparling said he was pleased NHS Highland had instigated an investigation.
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange