The ICO — an independent authority that reports to the Parliament and aims to uphold information rights in the U.K. — released the warning in response to an information security incident involving an NHS administrator.
Nicola Wren, 42, allegedly accessed a patient’s medical records without a valid legal reason multiple times while employed at Maidstone, England-based Kent and Medway NHS and Social Care Partnership Trust. She allegedly viewed the record of a single patient 279 times during a three-week period in late 2015.
Ms. Wren was fined £300 ($393.75) and ordered to pay prosecution costs of £364.08 ($477.86) and a victim surcharge of £30 ($39.38) in court.
“The ICO will continue to take action against those who abuse their position and potentially jeopardise the important relationship of trust between patients and the NHS,” said Mike Shaw, criminal enforcement group manager at the ICO, which brought the prosecution case against Ms. Wren.
More articles on cybersecurity:
Rep. Greg Walden asks Nuance to brief House committee on NotPetya attack
Nearly 2k Mann-Grandstaff VA Medical Center patients’ PHI compromised after hard drive theft
FBI: 8 tips to secure IoT medical devices, wearables from cyberattackers
