ICO reprimands NHS Highland for “serious” data breach

The UK’s Information Commissioner’s Office (ICO) has reprimanded NHS Highland over a data breach that exposed the email addresses of 37 people likely to be using HIV services. While no fine was issued, the ICO called for improved data protection safeguards amongst HIV service providers. Failure to use the BCC email function correctly is a top-10 non-cyber breach, with almost 1,000 reported instances since 2019.