Breach Of Illness Data – Could You Claim Compensation?

In this guide, we explore steps you could take should you experience a breach of illness data. Personal data relating to your medical records is given additional protections under data protection legislation due to its sensitive nature. 

breach of illness data claim

Breach of illness data claim guide

We examine the legislation in place to protect your personal data. Additionally, we look at who could be held accountable should a data breach occur.  In addition, this guide will explore what could be presented as evidence in a data breach claim. 

To conclude, we take a look at the benefits of hiring legal representation using a No Win No Fee arrangement. A specialist data breach lawyer may prove beneficial if you decide to claim. 

Should you experience a breach of illness data and have any questions, our data breach claims team may be able to help. Furthermore, if they feel your case is valid, they could provide you with a lawyer from our panel. 

To speak to a member of our team:

Select A Section

  1. What Is A Breach Of Illness Data?
  2. What Is The Most Common Cause Of Healthcare Data Breaches?
  3. What Evidence Could Help Me Claim Compensation?
  4. How Could A Breach Of Illness Data Impact You?
  5. How Much Can I Claim For A UK GDPR Breach?
  6. Learn More About No Win No Fee Data Breach Solicitors

What Is A Breach Of Illness Data?

A personal data breach is an incident relating to security that has an impact on the availability, confidentiality or integrity of your personal data. Personal data is any information stored physically or digitally that you can be identified through, either alone or when put together with other information.

As we’ve mentioned above, personal data that relates to your 

The UK General Data Protection Regulation (UK GDPR), along with the Data Protection Act 2018 (DPA), are the pieces of legislation that govern data protection for those who reside in the UK. This legislation acts to:

  • Hold the data controller responsible if a data breach occurs as a result of their failure to comply with legislation. A data controller is an entity that determines how and when your personal data is processed. They may appoint a data processor to act on their behalf. 
  • Grant rights to the data subject over the processing of their data. 
  • Set data breach compensation eligibility criteria. 

If a data breach occurs and exposes personal data relating to your health conditions, this could cause you harm. You may be able to claim data breach compensation as a result.

Talk to our data breach claims team today to discuss the breach in your personal data.

What Is The Most Common Cause Of Healthcare Data Breaches?

Human error as well as malicious actions can result in data breaches. Regular updates to cybersecurity systems could prevent cybercrime data breaches. Additionally, to prevent human error data breaches, healthcare staff with data access should be trained in data protection. 

Personal data could be sent to the wrong postal address, for example, or to the wrong email address. If you have updated your address or email address information with your healthcare provider through the correct channels, and they send this information to someone who isn’t authorised to view it, then this is a data breach. 

If your personal data was included in a breach of illness data, our data breach claims team could answer your questions 24 hours a day, 7 days a week. 

Healthcare Data Breach Statistics

The Information Commissioner’s Office (ICO) was established to help uphold the data rights of invididuals. They’re an independent organisation.

As part of their role, they collect information on data security incident trends. The graph below contains reported non-cyber incidents in the health sector for the fourth financial quarter of 2021/22.

breach of illness data Reported non-cyber incidents in the health sector, Q4 2021/22

Reported non-cyber incidents in the health sector, Q4 2021/22

What Evidence Could Help Me Claim Compensation?

If a breach of your illness data occurred, you might be entitled to make a data breach claim. Specific eligibility criteria applies. You must:

  • Prove the organisation who was processing your illness data did not adhere to legislation. 
  • Demonstrate that your personal data was exposed in the breach.
  • Show that you were harmed financially and/or mentally as a direct result of the data breach. 

If a data breach includes personal data, including personal data relating to your medical conditions, the organisation must tell you without undue delay if the breach could infringe on your rights. You also should be informed of what data was included within the breach and how it occurred. 

You may suspect your personal data was included in a patient data breach. If this is the case, you should report it to the organisation. They may not respond or do so in an unsatisfactory manner. You can report your suspicions to the ICO.

You can submit any communications you have from the organisation that your personal data was included in a data breach as evidence. Additionally, you can also submit any communications from the ICO that confirm the data breach. Reporting a breach of illness data to the ICO is not a claiming requirement. 

You will also require evidence of the harm you experienced. We’ll explore this topic further in this guide. 

You may wish to seek legal advice following a data breach. A data breach solicitor could help gather evidence. Additionally, they could advise you on when to accept a settlement offer. 

Free legal advice is available from our team. If your claim is valid, you could be provided with a lawyer from our panel. 

How Could A Breach Of Illness Data Impact You?

As stated already, you must experience harm in order to claim data breach compensation. This could be a monetary loss, such as a criminal gaining access to your bank account.

Personal data can include:

  • Name
  • Date of birth
  • Phone number
  • Email address
  • Postal address

Medical records class as special category data. This is sensitive data given additional protection under the data protection legislation. You may experience a mental health injury, such as anxiety due to a data breach, if information about your health condition is exposed. 

Talk to our data breach claims team about the harm you suffered due to a data breach. 

How Much Can I Claim For A UK GDPR Breach?

A breach of illness data claim could be formed of two heads. These cover material damage and non-material damage. 

Before we look more closely at the two heads, you might want to know about the precedent-setting Vidal-Hall and others v. Google Inc. (2015) Court of Appeal case. This case changed the way compensation could be sought in data breach claims.

Prior to this case, you could only claim for injuries to your mental health, such as depression, if your claim also covered financial harm caused by the breach. Now, it is possible to claim for mental health damage alone. 

Material Damage

Under this head, if the breach of illness data resulted in financial losses, you could recover this money. You must be able to submit evidence, such as providing bank statements. 

Non-material Damage

If the data breach involving your illness details caused a mental injury, you could be compensated for that injury when making a data breach claim. To assist in assigning value to your mental suffering, legal professionals, such as a data breach lawyer, will use a document titled the Judicial College Guidelines (JCG). This document provides a list of injuries alongside corresponding compensation brackets and is also used to help value personal injury claims

Examples of mental health injuries that you could sustain, including post-traumatic stress disorder (PTSD) are provided in the table below. They were taken from the 16th edition, published in April 2022. 

Injury Severity Potential Compensation Notes
Mental suffering Severe (a) £54,830 to £115,730 It is difficult to cope with life. The prognosis is poor.
Mental suffering Moderately severe (b) £19,070 to £54,830 Significant life and relationship problems occur, but the prognosis is more positive than in severe cases of mental suffering.
Mental suffering Moderate (c) £5,860 to £19,070 There have been problems, but improvements also occur with a good prognosis.
Mental suffering Less severe (d) £1,540 to £5,860 A period of disability occurs, this may impact day-to-day activities and sleep.
PTSD Severe (a) £59,860 to £100,670 A permanent inability to function in all areas of life at the same levels as before the injury.
PTSD Moderately severe (b) £23,150 to £59,860 A professional may help recovery, but significant symptoms last into the foreseeable future causing disability.
PTSD Moderate (c) £8,180 to £23,150 Largely recovered but some symptoms may persist.
PTSD Less severe (d) £3,950 to £8,180 Virtually fully recovered after 1-2 years, but some minor symptoms may persist.

Contact our team to learn more about the damages that could be included in a claim. 

Learn More About No Win No Fee Data Breach Solicitors

If you decide to claim patient data breach compensation, you may find the process easier with legal representation. A specialist medical data breach solicitor could provide their services under a Conditional Fee Agreement (CFA). This is a kind of No Win No Fee arrangement. 

A CFA is used to fund your lawyer’s services. What this means is that you won’t pay for your solicitor’s services upfront. If your medical record data breach claim is successful, however, a success fee will be taken from your award. Legal caps apply. If your claim is not successful, you won’t have to pay for your lawyer’s services. 

Our data breach claims team can answer any questions you might have about your breach of illness data. If you would like to proceed and your data breach claim seems eligible, you could be passed onto our panel of data breach solicitors. 

To speak to a member of our team:


The following links might be useful:

Additional data breach guides:

Thank you for reading our guide on when claiming for a breach of illness data could be possible.

Article by AR

Publisher ET