Data protection breach at military medical facility
Data protection breach at military medical facility
In January, it emerged the medical data of up to 50 soldiers — including one who had died — was allegedly accessed without authorisation. File picture: Gareth Chaney/RollingNews.ie
WED, 23 AUG, 2023 - 15:00
NEIL MICHAEL
Social share
A Defence Forces investigation is under way into another data protection breach of the military’s electronic health record system.
The latest investigation centres on the alleged actions of a healthcare worker at a military medical facility.
The Defence Forces has said it is the third alleged breach in relation to the electronic military medical records system Socrates in five years.
It is the second incident to be reported this year so far.
Last March’s report by the Independent Review Group panel into the Defence Forces included concerns around access and management of patient medical records within the Defence Forces, as well as highlighting abuse, persecution, victimisation and penalisation of soldiers.
In January, it emerged the medical data of up to 50 soldiers — including one who had died — was allegedly accessed without authorisation.
In the latest alleged breach involving Socrates, the healthcare worker had access to the records of at least one soldier in whose care they were not involved.
Private medical information
The worker is understood to have referred to private medical information in conversation with a friend of one of the soldiers whose records are alleged to have been illegally accessed.
Alarm was raised by members of staff at the facility and military police detectives called in.
It is not known exactly when this latest alleged data protection breach happened but in May this year, the Defence Forces data protection officer issued warnings to a number of soldiers.
They were told: “It has been uncovered that your electronic health record has been accessed by a healthcare professional not actively involved in your care.
“No alterations were made to any medical records or notes on your file. The records were viewed only.
“There was no loss of data and the records concerned are secure.
“The initial review indicates no information has been shared in any way.
“Further investigation into this matter by Military Police is under way.”
It has also emerged the Data Protection Commission is investigating a total of eight complaints in relation to alleged data protection breaches.
None of them are related to Socrates, according to the Defence Forces.
Warning from whistleblower
Whistleblower Alan Nolan, a retired sergeant major who warned the Defence Forces in 2015 that Socrates was not fit for purpose, said, while he wasn’t familiar with the details of the latest case, it was clear “there is a big issue” with digital medical records in the Defence Forces.
I have been warning them about issues over privacy and the wholescale digitalisation of people’s personal health records for years.”
Mr Nolan, who will today meet Department of Defence secretary-general Jacqui McCrum to discuss his concerns about data protection issues and protected disclosures he has made about them, added: “There needs to be an investigation into what is going on in the Defence Forces as far as data protection is concerned.
“Tellingly, one of the main recommendations of the IRG [Independent Review Group] report concerned medical records.”
A Defence Forces spokesperson told the Irish Examiner: “A Military Police investigation is currently ongoing in relation to the circumstances surrounding this alleged breach.
“We cannot comment in advance of the conclusion of this investigation.”
They added there have so far been three “queries of data” breaches reported to the Data Protection Commission with regard to access to the Socrates system.
They also said two of these cases did not reach the threshold to constitute a data breach.
The spokesperson added: “The Data Protection Commission has notified the Defence Forces Data Protection Office of eight complaints received that are currently ongoing.
“It should be noted that seven of these complaints are related to one particular breach.
“None of these complaints are related to the alleged Socrates breaches mentioned.”
In January, it emerged the medical data of up to 50 soldiers — including one who had died — was allegedly accessed without authorisation. File picture: Gareth Chaney/RollingNews.ie
WED, 23 AUG, 2023 - 15:00
NEIL MICHAEL
Social share
A Defence Forces investigation is under way into another data protection breach of the military’s electronic health record system.
The latest investigation centres on the alleged actions of a healthcare worker at a military medical facility.
The Defence Forces has said it is the third alleged breach in relation to the electronic military medical records system Socrates in five years.
It is the second incident to be reported this year so far.
Last March’s report by the Independent Review Group panel into the Defence Forces included concerns around access and management of patient medical records within the Defence Forces, as well as highlighting abuse, persecution, victimisation and penalisation of soldiers.
In January, it emerged the medical data of up to 50 soldiers — including one who had died — was allegedly accessed without authorisation.
In the latest alleged breach involving Socrates, the healthcare worker had access to the records of at least one soldier in whose care they were not involved.
Private medical information
The worker is understood to have referred to private medical information in conversation with a friend of one of the soldiers whose records are alleged to have been illegally accessed.
Alarm was raised by members of staff at the facility and military police detectives called in.
It is not known exactly when this latest alleged data protection breach happened but in May this year, the Defence Forces data protection officer issued warnings to a number of soldiers.
They were told: “It has been uncovered that your electronic health record has been accessed by a healthcare professional not actively involved in your care.
“No alterations were made to any medical records or notes on your file. The records were viewed only.
“There was no loss of data and the records concerned are secure.
“The initial review indicates no information has been shared in any way.
“Further investigation into this matter by Military Police is under way.”
It has also emerged the Data Protection Commission is investigating a total of eight complaints in relation to alleged data protection breaches.
None of them are related to Socrates, according to the Defence Forces.
Warning from whistleblower
Whistleblower Alan Nolan, a retired sergeant major who warned the Defence Forces in 2015 that Socrates was not fit for purpose, said, while he wasn’t familiar with the details of the latest case, it was clear “there is a big issue” with digital medical records in the Defence Forces.
I have been warning them about issues over privacy and the wholescale digitalisation of people’s personal health records for years.”
Mr Nolan, who will today meet Department of Defence secretary-general Jacqui McCrum to discuss his concerns about data protection issues and protected disclosures he has made about them, added: “There needs to be an investigation into what is going on in the Defence Forces as far as data protection is concerned.
“Tellingly, one of the main recommendations of the IRG [Independent Review Group] report concerned medical records.”
A Defence Forces spokesperson told the Irish Examiner: “A Military Police investigation is currently ongoing in relation to the circumstances surrounding this alleged breach.
“We cannot comment in advance of the conclusion of this investigation.”
They added there have so far been three “queries of data” breaches reported to the Data Protection Commission with regard to access to the Socrates system.
They also said two of these cases did not reach the threshold to constitute a data breach.
The spokesperson added: “The Data Protection Commission has notified the Defence Forces Data Protection Office of eight complaints received that are currently ongoing.
“It should be noted that seven of these complaints are related to one particular breach.
“None of these complaints are related to the alleged Socrates breaches mentioned.”
