NHS Highland reprimand for HIV patient email data breach

NHS Highland has been criticised by the Information Commissioner’s Office (ICO) for a 2019 data breach that exposed the email addresses of 37 people using its HIV services. The error, caused by failing to use the BCC email function, was defined as a ‘serious breach of trust’. The ICO is recommending improvements to data protection safeguards. NHS Highland has since apologised and changed its email domain to prevent another similar incident.