In late 2020, a Transform Hospital Group data breach was reported to the Information Commissioner’s Office (ICO), an independent authority that enforces data protection legislation. Intimate images of cosmetic surgery procedures had been stolen in a malware attack, along with other personal details.
If your personal data was involved and you can prove it caused you financial or emotional suffering, you could qualify for damages and this guide explains how.
Data protection is more important than ever and laws exist to compel all companies and agencies to protect the personal information they hold about us. Under the Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR), those entrusted with our personal information have specific obligations to protect it from an accidental or deliberate breach.
Our advisors are available 24/7 and give free legal advice without any obligation for you to proceed with the services of our panel of solicitors. If you have evidence of a valid claim, why not get in touch?
- Call us on 0800 408 7825
- Contact us for a callback
- Access the ‘live support’ on this page
- Alternatively, continue reading the sections below and access more help through the highlighted links
Select A Section
- How Did The Transform Hospital Group Data Breach Happen?
- Could I Make A Transform Hospital Group Data Breach Claim?
- Why Make A Medical Data Breach Claim?
- How Do I Claim For A Transform Hospital Group Data Breach?
- What Could You Claim For A Hospital Data Breach?
- Why Contact Us About Your Data Breach Claim?
In December 2020, the Transform Hospital Group announced on their website that they had suffered a significant cyberattack. Ransomware had been used to infiltrate their systems and steal images of clients before and after their cosmetic surgery procedures. Other personal details were also compromised. A hacker group called REvil stated they had accessed these images and threatened to publish the details.
The Group stated that it had reported the breach to the ICO. It also stated that it had contacted the clients involved.
In order to be eligible to make a data breach compensation claim, it’s important that you were identified as one of those affected. You’d also need to show that you suffered harm in some way, whether mentally, financially or both.
Personal data or information can identify you, whether alone or in conjunction with other information. Organisations that collect or process personal data should take appropriate measures to protect it.
There are core principles of data processing that organisations should follow. They are:
- Lawfulness, fairness, and transparency in regards to how and why they’re processing personal data
- Only using personal data for the reasons they collected it.
- Minimising the amount of personal data they collect to meet their processing purposes.
- Keeping records accurate.
- Only storing personal data for as long as it’s needed.
- Keeping personal information secure.
- Being accountable for adhering to the above principles.
Failing to follow any of the above could lead to a personal data breach. A data breach occurs when a security incident causes unlawful or accidental loss, destruction, change, disclosure of, or access to personal information.
Special Category Data
Some examples of personal data are seen as more sensitive and require more protection. It’s known as special category data and includes:
- race or ethnicity
- political, philosophical and religious beliefs
- trade union membership
- biometric data (for ID purposes)
- genetic data
- data relating to health
- data about someone’s sex life or sexual orientation
People Affected By Healthcare Data Breaches
The ICO releases quarterly statistics on data breach incidents. For Q3 of 2021/22, there were 2,404 data security incidents reported by different sectors. The health sector reported the most overall, with 467. These incidents included cyber and non-cyber.
If you were affected by the Transform Hospital Group data breach, our advisors could help. Get in touch if you have evidence to justify a claim.
Data breaches may seem like something that could be easy to minimise and starting a claim for compensation may feel overwhelming or complex. However, the aim of a claim is to attempt to return you to the position you were in before the harm occurred. Compensation is aimed at helping you recover financial losses, but also recompensing you for the psychological injuries you endure.
However, it’s important to note that you can only claim if you have evidence. This could come in various forms such as:
- Correspondence from the organisation about your personal data being involved in a breach and what kinds of data were affected
- Proof of expenses related to the breach (such as the cost of therapy if it wasn’t covered by the NHS)
- Proof of mental suffering
Our advisors can help you understand what you could use if you have a valid claim.
Organisations have an obligation to report a notifiable data breach to ICO within 72 hours. They should also inform you of the problem as promptly as possible if your personal data was involved and the breach risks your rights and freedoms.
If you suspect your personal data was involved in a breach, but the organisaiton hasn’t contacted you about it, you could contact them directly. They may be able to explain how your data was involved or whether it wasn’t.
If you don’t receive a satisfactory response, you could contact the ICO. You’d need to contact the ICO within 3 months of the organisation’s last meaningful response, however.
There are practical steps that you can take to secure your own personal data such as:
- Ensure you back your data up
- Use strong passwords
- Be wary of and report unexpected or suspicious emails
- Install anti-virus software
- Never leave laptops or paperwork containing personal data unsecured
Speak with our advisors today if you have proof of a valid Transform Hospital Group data breach claim.
With the correct evidence in place, it can be possible to claim compensation for two types of damages: material damage and non-material damage.
- Material damage relates to financial losses caused by the breach.
- Non-material damage relates to the mental harm you endure because of a personal data breach. This can include anxiety and distress, for example.
After a case called Vidal-Hall v Google, it was established that psychiatric harm deserved to be compensated in its own right, regardless of whether financial harm was present also. Before this cause, you’d only be able to claim for psychological damage if you’d also endured financial loss. However, now you can claim for both or either.
The Judicial College Guidelines (JCG) is a publication solicitors use when valuing injuries in personal injury claims. They can also use it for data breach claims. It contains potential compensation awards for various injuries and illnesses.
With this in mind, you could apply for a similar level of compensation if the findings from an independent medical appointment show that you suffered similar issues. However, it should be noted that compensation is calculated on a case-by-case basis. For an accurate possible value, we recommended that you get in touch with our advisors.
We’ve used figures from the JCG in the compensation table below.
|Type of Psychiatric Harm||Level of Severity and JC Guideline Award Bracket||Supporting Notes|
|General Psychiatric Damage||£54,830 to £115,730 - (A) Severe||Cases such as these attract awards based on how profound and permanent the mental health damage is|
|General Psychiatric Damage||£19,070 to £54,830 - (B) Moderately Severe||Less acute than above, it is still considered that a significant level of disability exists|
|General Psychiatric Damage||£5,860 to £19,070 - (C) Moderate||This awrd bracket acknowledges a marked improvement by the time the case is heard|
|General Psychiatric Damage||Up to £5,860 - (D) Less Severe||Length of disability taken into account, as well as impact on sleep or other phobia issues|
|Post-Traumatic Stress Disorder (PTSD)||£59,860 to £100,670 - (A) Severe||Permanent and profound challenges that radically alter every aspect of the sufferer's life and ability to cope|
|Post-Traumatic Stress Disorder (PTSD)||£23,150 to £59,860 - (B) Moderately Severe||Different from the bracket above as some of the extremes of the condition may ease with professional help|
|Post-Traumatic Stress Disorder (PTSD)||£8,180 to £23,150 - (C) Moderate||Largely recovered with no extreme remaining issues to cause disability|
|Post-Traumatic Stress Disorder (PTSD)||Up to £8,180 - (D) Less Severe||A full recovery within a two year period, minimal issues remaining|
When it comes to material damage, related invoices, bills, or statements that give evidence of negative financial impact can be presented to bolster your claim. For example, the data breach could have caused:
- Additional costs to you in order to prevent the data leaking further
- Loss of earnings if you had to take time of work to deal with the issue, or your mental health was impacted
If you would prefer, you can use a mental health compensation calculator or contact our advisors who can value your claim for free whilst taking into account its nuances.
A data breach solicitor from our panel could take up your case on a No Win No Fee basis if it’s valid and has prospects of winning. This would allow you to start a claim without paying for the services of a solicitor upfront. You also wouldn’t have to pay their fee whilst the claim is ongoing.
In fact, you’d only pay the solicitor’s fee if the claim wins. This is known as a success fee and it comes out of the compensation you receive, once that’s come through. It’s capped at 25% by law but could be reduced if you discuss it with our advisors.
If the case fails, there is nothing to pay your solicitors at all. Learn more about how a No Win No Fee claim could help you by:
Useful Articles And Guides
The Transform Hospital Group data breach is one example of a data security incident. Please use the resources below to learn more about types of data breaches:
- Compensation for a misdirected fax data breach
- More reading on compensation after a dental medical breach
- Information about data breach compensation claims against the NHS
- More tips for cyber security from the Government
- How to complain about an organisation
Article by EA