Prepare for a healthcare data breach this summer

The summer heatwave is in full swing. You’ll no doubt be taking measures to protect yourself against sunburn, but don’t forget that your organisation needs to apply its own SPF (security protection factor) to protect itself from data breach damage.

Data breaches can occur at any time, but organisations are particularly vulnerable during the summer holidays, when cyber criminals take advantage of lower staffing levels to launch malicious attacks. With employee error the main contributor to data breaches, the summer months can present a great opportunity to re-engage staff on their information security responsibilities.

Data breach statistics

IT Governance’s list of reported data breaches highlights that the healthcare and health science sector suffered the highest number of breaches in 2017, nearly double the next worst affected industry.

The stats also show that data breaches cost UK organisations an average of £2.48 million in detection and escalation activities, notification costs, breach response and loss of revenue. As highlighted during the WannaCry attack, the healthcare sector faces the additional threat of failure to deliver vital care to patients.

Data breaches and the GDPR

Under the EU GDPR (General Data Protection Regulation) there are stricter time pressures on organisations that suffer a data breach. The ICO (Information Commissioner’s Office) must be notified within 72 hours of the organisation becoming aware of the breach. Organisations must also notify individuals if the breach poses a high risk to their rights and freedoms, and keep a breach log.

When reporting a breach, organisations must take the following steps: 


Demonstrating these steps can be a challenge, particularly during the summer when many staff are on holiday. Doing all of this within 72 hours adds to the challenge – especially as organisations want to use this time to remediate the damage caused and avoid a PR nightmare.

Preparing for a breach – no one is immune

No organisation is immune from a cyber incident – even the best measures cannot protect you from 100% of threats. However, being well prepared for one can be the difference between minor disruption, and significant reputational and financial damage.

IT Governance has developed a series of packages for organisations to prepare for the challenges they face.

Choose your organisation’s risk appetite and apply the relevant ‘SPF’ with our pic’n’mix of proven information security and incident response solutions.








 Get #BreachReady and protect yourself with IT Governance >>

Human patch e-learning – misuse of Cc and Bcc when emailing

Email errors are a major cause of data breaches. To help address this, IT Governance has developed a short e-learning module designed to educate all employees about the risks and consequences of misusing the Cc and Bcc fields in emails and teach them how to communicate securely and legally with large numbers of people.

The course is a convenient and cost-effective way to reduce your organisation’s risk of suffering a data breach, and can be taken around your employees’ existing workload.

Find out more about the Misuse of Cc and Bcc when emailing – Human patch e-learning course >>

Breach Ready