As more and more patient information is stored online and in electronic form, the risk of data theft increases. Private practitioners and clinics must ensure that their data systems are resilient to attack and that they adhere to data protection legislation.

In less than a year, in May 2018, the European General Data Protection Regulation (GDPR) comes into effect, introducing new requirements that will impact on the private healthcare sector and imposing penalties on those who do not comply. Few private clinics and private healthcare businesses have begun to prepare for these additional requirements. Our Private Practice Masterclass in London in September will be addressing this issue with a presentation by Kerry Beynon from Acuity Legal.

Private healthcare lagging behind

Despite the sensitivity of the information that is held, healthcare generally has not led the way in ensuring the confidentiality and secure transmission of customer (patient) data. This is particularly true in private practice, where what are, in effect, small businesses have not possessed the expertise or the technology to adopt modern-day data standards. Unsecured email transmission of patient data, patient reports and medical opinions is not uncommon.

The WannaCry ransomware attack, which affected IT systems in many NHS trusts in early May, highlighted the shortcomings of NHS systems. However, this wasn’t targeted specifically at the theft of personal data for criminal gain.

What can go wrong? A lesson from Lithuania

A recent instance of computer hackers targeting a cosmetic surgery clinic in Lithuania highlights the risks associated with holding patient data. The hackers targeted the clinic’s servers, acquiring 25,000 images (some nude) and other personal data related to the clinic’s patients. Records on over 1,500 British cosmetic surgery patients were held on the system. Patients then reported receiving blackmail threats from the hackers and being asked for Bitcoin payments to secure removal of the images from the public internet. The clinic was also asked for £500,000 for the return of the data, but refused to pay.

Could it happen here?

Probably “yes”! Imagine the scenario… you run a cosmetic surgery clinic in Harley Street catering for the rich and famous of London. Overnight, your business is in ruins due to shortcomings in data security that deliver your clients’ images and their private data into the hands of a bunch of unscrupulous hackers. Within days, you’re receiving calls from clients who are receiving SMS messages from the hackers including links to the stolen images and demands for payment to remove them.

What can I do to protect my business?

  1. Get informed. Book a place for the Private Practice Masterclass in London in September to hear what Kerry Beynon has to say about GDPR.
  2. Speak to your technology suppliers. If you’re running an online or PC-based practice management system, find out what security is in place to reduce the risk of a data hack.
  3. Read:


How secure is your patient data?

About the author

Keith Pollard is Executive Chairman of LaingBuisson, an online publisher in the healthcare sector that operates market-leading web portals such as Private Healthcare UK and . LaingBuisson International Limited is also active in the online medical travel sector through Treatment Abroad, International Medical Travel Journal and DoctorInternet, the Arabic medical tourism portal.
