🟡 Medium | Source: The Register — Security
NHS Forth Valley is investigating a data breach involving maternity patients’ personal information that was exposed through an email handling error. This is the latest in a series of similar incidents affecting NHS health boards, highlighting systemic failures in basic email data protection practices. The breach raises significant concerns under UK GDPR given the sensitive nature of maternity and health data.
Security Architect’s Take: Review your organisation’s email data loss prevention (DLP) controls immediately — ensure policies are in place to prevent bulk sending of sensitive data without encryption or BCC enforcement, and consider deploying Microsoft Purview or equivalent DLP tooling to automatically classify and restrict emails containing special category health data.
Original advisory: Scot NHS Trust probes email stuffup involving maternity patients’ data