A data breach at NHS Lothian was discovered during a routine audit, revealing that unauthorized individuals had accessed the medical records of an unspecified number of patients. The breach was identified last month, prompting an immediate investigation. While the exact number of affected patients remains undisclosed, the health board confirmed that 'appropriate action' was taken, including notifying impacted patients, reporting the incident to Police Scotland, and informing the Information Commissioner’s Office (ICO). The breach involved the inappropriate access of sensitive patient records, raising concerns over privacy violations and potential misuse of personal health information. Dr. Tracey Gillies, NHS Lothian’s medical director, assured that measures were implemented to address the incident but declined to comment on whether an internal employee was responsible. The breach underscores vulnerabilities in healthcare data security, particularly when insider threats or unauthorized access protocols are exploited. The incident remains under investigation by law enforcement, with potential regulatory repercussions pending the ICO’s review.

A data breach at NHS Lothian was discovered during a routine internal audit last month, revealing unauthorized access to the medical records of an unspecified number of patients. While the exact scale of the breach remains unconfirmed by the health board, the incident involved the exposure of sensitive patient data, which may include personal and medical information. NHS Lothian has stated that 'appropriate action' has been taken in response, though specific remediation steps or the root cause (e.g., insider threat, system vulnerability, or external attack) were not disclosed. The breach raises concerns over patient privacy, potential misuse of health records, and compliance with data protection regulations like the UK GDPR. Given the nature of the compromised data—medical records—the incident could lead to reputational damage, regulatory scrutiny, and erosion of public trust in the healthcare provider’s ability to safeguard confidential information.

A data breach at NHS Lothian was uncovered during a routine audit, revealing that an unauthorized individual—later identified as a female employee—had inappropriately accessed the private medical records of approximately 100 patients. The breach was detected in September 2023, prompting an immediate internal investigation. Affected patients were notified, and the incident was escalated to Police Scotland and the Information Commissioner’s Office (ICO). Authorities confirmed that a woman had been charged in connection with the breach, with the case referred to the procurator fiscal for prosecution. The breach involved sensitive patient data, including confidential medical histories, which were accessed without legitimate cause. While the exact motive remains undisclosed, the incident highlights vulnerabilities in internal access controls within the healthcare system. NHS Lothian emphasized that no evidence suggested wider exploitation (e.g., ransomware or external hacking), but the unauthorized access alone constitutes a serious violation of patient privacy and trust. The health board assured that corrective measures were implemented, though specifics were not detailed to avoid compromising the ongoing legal process.