London gender identity clinic investigating ‘data security incident’

  • 9 September 2019
London gender identity clinic investigating ‘data security incident’

A gender identity clinic in London has said it is investigating “a data security incident” after patient emails were exposed.

The Charing Cross Gender Identity Clinic, which is run by Tavistock and Portman NHS Foundation Trust, sent out an email on 6 September regarding an art project.

Tavistock later said in a statement that “due to an error, the email addresses of some of those we are inviting to participate were not hidden and therefore visible to all”.

Two separate emails were sent, with about 900 people’s emails on each one, BBC News reported.

The trust’s statement added: “We are hugely apologetic and understand that this is a serious data breach.

“We can confirm we are reporting this breach to the Information Commissioner’s Office (ICO) as well as treating it as a serious incident within the Trust.”

The Gender Identity Clinic accept referrals from all over the UK for adults with issues related to gender and involves patients who are transitioning gender or considering doing so.

One of those affected was Shon Faye, who told The Guardian: “It could lead to people being outed to family members or to their communities as being trans, where it may be a risk to them being known to be trans.

“That could be hugely dangerous to their wellbeing and safety.”

The ICO confirmed on social media that it has been made aware of the incident and would “assess the information provided”.

In May 2016, the 56 Dean Street clinic in London’s Soho was fined £180,000 by the ICO after almost 800 email addresses of patients were leaked.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Kootenai Health cyber attack impacts 464,000 patients

Kootenai Health cyber attack impacts 464,000 patients

US healthcare provider Kootenai Health has revealed that data belonging to 464,000 patients has been compromised following a cyber attack.
Advanced fined £6m over stolen patient data in 2022 cyber attack

Advanced fined £6m over stolen patient data in 2022 cyber attack

The Information Commissioner’s Office has imposed a £6.09m fine on Advanced for failing to protect personal information during a cyber attack.
ICO guidance on transparency published for health and care sector

ICO guidance on transparency published for health and care sector

New guidance has been issued by ICO over how health and care organisations should be transparent over the use of personal information.