Criminal probe after data breach at Wigan hospital

Thousands of confidential Wigan hospital patient records were accessed multiple times by unauthorised staff, prompting a criminal probe.


The Wrightington, Wigan and Leigh (WWL) NHS Foundation Trust has sent out letters to victims of the data breach, who number more than 2,000, explaining that personal information was viewed on multiple occasions by an employee who had no legitimate reason to access the files and were not permitted to do so.

On its website, the trust says 2,172 members of the public have been affected by this incident

On its website, the trust says 2,172 members of the public have been affected by this incident

As a result the Information Commissioner’s Office has launched a criminal investigation.

On its website, the trust says 2,172 members of the public have been affected by this incident.

It is possible that clinical documentation such as blood results, care pathways, medication, secretary letters and discharge letters have been accessed.

The trust has told those affected: “Unfortunately during this investigation poor computer etiquette was also identified and therefore we are unable to validate the specific individual concerned.

“The employee who has inappropriately accessed your record is a member of our staff who has legitimate access to our electronic health record system; for example a medical professional or clinical administrator.”

One recipient of the letter, who has regularly been treated at Wigan Infirmary, expressed concern after discovering that several people may have snooped on her private details.

The patient, who asked not to be named, told the Wigan Post: “I’ve got a really sensitive record. It’s not like I’ve gone in with a little ear infection. I have mental health issues and I’ve been through domestic violence. Now anyone could know that.”

Paul Howard, company secretary and data protection officer said: “Wrightington, Wigan and Leigh NHS Foundation Trust take data protection and patient confidentiality very seriously.

“My role as data protection officer is to monitor the organisation’s compliance with data protection legislation and to be available to individuals who wish to exercise any of their rights under the legislation.

“We have written to the families concerned and have offered our sincere apologies on this matter. We have also reported the incident to the Information Commissioner’s Office.

“We take our duty of confidentiality to our patients extremely seriously and the Information Governance team have conducted a thorough investigation into this breach, which is still ongoing. Therefore, it would not be appropriate to comment further.

“As part of the investigation so far there has been no evidence of the information being used for personal gain. Further information is available for patients on our website www.wwl.nhs.uk