Check out our animation about keeping your health data secure:
What is a malicious internal data breach?
wow
Follow Gemma's story to learn more
START
Gemma is being treated in hospital.
+ info
CONTINUE
Her ex-boyfriend Sam works at the hospital, but he is not involved in her care.
He wants to know what Gemma has been coming in for, and so he goes into her medical record to look.
CONTINUE
This is a malicious
internal breach. Gemma's health data has been purposely put at risk by Sam within the healthcare system.
CONTINUE
It is a criminal offence to access someone’s health data without a legitimate reason related to their care.
CONTINUE
Hospitals can monitor who has accessed your data and investigate internal data breaches.
CONTINUE
But these breaches can also be investigated following a patient's complaint, so you may be the first to have concerns about a breach occurring.
I saw your records… I just wanted to check if you were okay.
What are you doing here?
CONTINUE
You may feel worried or angry about this potential loss of privacy and lose confidence in how your data is handled more broadly.
CONTINUE
Guilty individuals can be served fines and lose their jobs.
Offending clinicians such as doctors or nurses may be suspended, struck off the register, or be disciplined by their professional regulator.
CONTINUE
Gemma is informed by the hospital as to what happened in response to her complaint.
CONTINUE
The ICO regulate...
They will work with the service...
They will work with the service that Sam works for to help them learn how to prevent this type of breach from happening again. The ICO can also take action against the service that Sam works for, if they are found to have not done enough to prevent the breach from happening in the first place.
The Information Commissioner's Office, or ICO, regulate and enforce data protection laws in the UK. The ICO can also investigate and, if necessary, prosecute in these cases.
If you ever need it, you can get support from the ICO with how to complain to the offending service/organisation, as well as how to submit a complaint to the ICO to prompt them to investigate.
CONTINUE
If you ever need it...
Health services take many steps to support the security of your data.
Services must review and report on their data security practices in line with clear quality standards.
Provide ongoing data security training to staff.
Appoint specific roles who monitor and advise on data security to health services.
CONTINUE
When it comes to health services, the ICO have an array of tools to regulate how your personal data is looked after...
CONTINUE
Their priority is to support services to make changes and prevent mistakes happening in the future.
In the case of the most serious errors, organisations can receive large fines as a penalty for breaches... but this is a last resort for the public sector as fines would take money out of the health service, which would only put patients at further risk.
CONTINUE
Click the buttons below for more information:
Read the research behind these resources.
Explore ICO information for the public.
Review NHS England guidance on data breaches.
Check out UPD’s health data policy explainers.
Find out how the ICO has been taking action in response to incidents in the health sector.
Check how well specific services perform on data security measures.
Read about an example of new technology improving security.
Learn about some examples of security roles in services.
Got an idea?
Let the communication flow!
With Genially templates, you can include visual resources to wow your audience. You can also highlight a particular sentence or piece of information so that it sticks in your audience’s minds, or even embed external content to surprise them: Whatever you like! Do you need more reasons to create dynamic content? No problem! 90% of the information we assimilate is received through sight and, what’s more, we retain 42% more information when the content moves.
- Generate experiences with your content.
- It’s got the Wow effect. Very Wow.
- Make sure your audience remembers the message.
Malicious internal data breach v1
Lauren McDonald
Created on September 19, 2025
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Terrazzo Presentation
View
Visual Presentation
View
Relaxing Presentation
View
Modern Presentation
View
Colorful Presentation
View
Modular Structure Presentation
View
Chromatic Presentation
Explore all templates
Transcript
Check out our animation about keeping your health data secure:
What is a malicious internal data breach?
wow
Follow Gemma's story to learn more
START
Gemma is being treated in hospital.
+ info
CONTINUE
Her ex-boyfriend Sam works at the hospital, but he is not involved in her care.
He wants to know what Gemma has been coming in for, and so he goes into her medical record to look.
CONTINUE
This is a malicious internal breach. Gemma's health data has been purposely put at risk by Sam within the healthcare system.
CONTINUE
It is a criminal offence to access someone’s health data without a legitimate reason related to their care.
CONTINUE
Hospitals can monitor who has accessed your data and investigate internal data breaches.
CONTINUE
But these breaches can also be investigated following a patient's complaint, so you may be the first to have concerns about a breach occurring.
I saw your records… I just wanted to check if you were okay.
What are you doing here?
CONTINUE
You may feel worried or angry about this potential loss of privacy and lose confidence in how your data is handled more broadly.
CONTINUE
Guilty individuals can be served fines and lose their jobs.
Offending clinicians such as doctors or nurses may be suspended, struck off the register, or be disciplined by their professional regulator.
CONTINUE
Gemma is informed by the hospital as to what happened in response to her complaint.
CONTINUE
The ICO regulate...
They will work with the service...
They will work with the service that Sam works for to help them learn how to prevent this type of breach from happening again. The ICO can also take action against the service that Sam works for, if they are found to have not done enough to prevent the breach from happening in the first place.
The Information Commissioner's Office, or ICO, regulate and enforce data protection laws in the UK. The ICO can also investigate and, if necessary, prosecute in these cases.
If you ever need it, you can get support from the ICO with how to complain to the offending service/organisation, as well as how to submit a complaint to the ICO to prompt them to investigate.
CONTINUE
If you ever need it...
Health services take many steps to support the security of your data.
Services must review and report on their data security practices in line with clear quality standards.
Provide ongoing data security training to staff.
Appoint specific roles who monitor and advise on data security to health services.
CONTINUE
When it comes to health services, the ICO have an array of tools to regulate how your personal data is looked after...
CONTINUE
Their priority is to support services to make changes and prevent mistakes happening in the future.
In the case of the most serious errors, organisations can receive large fines as a penalty for breaches... but this is a last resort for the public sector as fines would take money out of the health service, which would only put patients at further risk.
CONTINUE
Click the buttons below for more information:
Read the research behind these resources.
Explore ICO information for the public.
Review NHS England guidance on data breaches.
Check out UPD’s health data policy explainers.
Find out how the ICO has been taking action in response to incidents in the health sector.
Check how well specific services perform on data security measures.
Read about an example of new technology improving security.
Learn about some examples of security roles in services.
Got an idea?
Let the communication flow!
With Genially templates, you can include visual resources to wow your audience. You can also highlight a particular sentence or piece of information so that it sticks in your audience’s minds, or even embed external content to surprise them: Whatever you like! Do you need more reasons to create dynamic content? No problem! 90% of the information we assimilate is received through sight and, what’s more, we retain 42% more information when the content moves.