The Medical Specialist Group has said it will do all it can to restore trust after a serious security breach saw patients’ personal health data stolen by cyber criminals.
The data breach happened in 2021 when the MSG’s servers were compromised. Its email systems were targeted as part of a global cyberattack with emails sent to patients impersonating MSG accounts.
The ODPA has fined the MSG £100,000, which will be reduced to £75,000 on delivery of an agreed action plan within a year.
MSG Chief Executive Dr Farid Fouladinejad said: “Protecting our patients’ information is one of our highest priorities. Four years ago, we were hit by a global cyber incident that affected many organisations in public and private sectors across the world. Since then, we’ve taken significant steps to strengthen our systems and ensure we meet the highest standards of data security. Our plan for the next 12 months will take us to an even higher level of security.”
Pictured (l-r): MSG Chair Dr Steve Evans, CEO Dr Farid Fouladinejad, and Depuy chair Dr Michelle Le Cheminant (Paul Chambers) (file image).
The MSG said since the incident it has made “major enhancements to its cybersecurity infrastructure, including substantial investment in new technology, system monitoring, and staff training, bringing the organisation in line with national and international best practice”.
However, there is always more that can be done, it has acknowledged.
The MSG “intends to work collaboratively with the States of Guernsey, the ODPA and other island healthcare providers to develop a unified, secure, and interoperable framework for information sharing in the future”.
“This ongoing work will support better clinical decisions, improve patient outcomes, and help build a more integrated healthcare system where information is accessible at the right place, at the right time and in a secure way so that patients get the best possible care,” added Dr Fouladinejad.
“We welcome the ODPA’s constructive and collaborative engagement throughout this process and remain committed to implementing our agreed action plan. As the interface between GPs and the wider healthcare system in the Bailiwick, the MSG will share the learning and experience from this incident with other interested healthcare and governmental organisations.
“We take the responsibilities of securing patients’ information very seriously and rely heavily on the cooperation and coordination from the States of Guernsey to ensure that appropriate IT systems are in place. We at the MSG are fully committed to restoring islanders’ trust in how we protect their personal information.”