A security breach affecting a London clinic has revealed the identities of nearly 800 people who attended HIV clinics. The cause of the breach? Simple human error. Names were included for all to see in an email newsletter; the document was sent to all recipients as a group message rather than utilising the blind copy facility which fixes it so that the individual reader of an email cannot see the others to whom it was sent. The clinic has stated that not everyone listed in the email is necessarily HIV positive.
Some individual patients involved in the data breach have expressed their horror about what has occurred and the possible repercussions. The Chelsea and Westminster Hospital who run the clinic have not stated whether they will take any action against the staff member who issued the newsletter although an official report has been made to the Information Commissioner’s Office (ICO) which has the potential to levy a fine of up to £500,000.