BackSCIENCE_HEALTH
NHS staff accessed Southport victims' records 'inappropriately', hospital trust admits
The trust confirmed 48 staff looked at the medical records of Southport attack victims in an inappropriate breach identified during a post-attack information access audit. Staff faced HR disciplinary action, none were dismissed, and regulators were notified. The ICO had been informed in 2024, and victims’ privacy concerns have been raised.
Why It Matters
This incident raises ongoing concerns about patient data protection in the NHS and accountability for data breaches, especially in high-profile trauma cases.
Timeline
2 Events
Trust confirms 48 staff accessed victims' records after Southport attack
May 15, 2026
The trust admitted that 48 staff members looked inappropriately at the medical records of victims of the Southport knife attack. The access was identified during a standard information access audit carried out in the days after the attack. The trust said staff were subject to HR disciplinary processes, ranging from informal counselling to a final written warning, and none were dismissed. The trust also said it notified relevant regulators and professional bodies, including the ICO, and that the decision not to inform the patients involved at the time was made on clinical advice.
ICO informed of data breach at NHS trust
August 2024
The Information Commissioner's Office said it was told about the breach in August 2024 and that it was not intended to start a criminal investigation at that time, while continuing to remind healthcare organisations about keeping patient data secure.