loading icon

Clinical negligence specialist Catherine Pinnegar reviews a recent data breach and the impact it might have on patients.

A cyber hacker syndicate have claimed responsibility for the recent ransomware attack on a cosmetic surgery hospital Group. The hackers claim to have stolen photographs of patients and it is alleged that they have demanded a ransom payment to prevent the photographs being released onto the internet.

The Hospital Group have a celebrity following including actress Tina Malone, TOWIE star Joey Essex and singer Kerry Katona. They offer many cosmetic procedures such as breast enlargements, rhinoplasties and weight loss surgeries. The syndicate have stated that the “intimate photos of customers” that they claim to have stolen, were “not a completely pleasant sight”.

The Hospital Group have stated that they have informed the Information Commissioner’s Office regarding the breach and that they have contacted all the customers who have been affected. Organisations such as this group have an obligation under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), to ensure that they have the necessary protections and procedures in place to protect the personal data that they hold and handle on behalf of their customers.

Data concerning health (as defined in Article 4(15) of the UK GDPR) falls within the Special Category of personal data which means there is extra protection afforded to this type of data by the UK GDPR. Therefore, the organisation who is controlling and processing this data will need to ensure that they have complied with these additional requirements. Proven breaches of the Data Protection Act 2018 and the UK GDPR can carry serious consequences for those who commit them. A successful claim for a breach of the Data Protection Act and the UK GDPR, could mean that the offending organisation is ordered to pay significant damages and compensation to those who fall victim to the breach.

Have you had a consultation or treatment with a Hospital Group? If yes, you might be entitled to a claim for the data breach.

We can help you make a claim against a Hospital Group if they have:

  1. Failed to protect your information, including photographs they have taken of you;
  2. Caused you emotional distress as a result of their failure to protect your information;
  3. Caused any other losses as a result of the breach, e.g. if the hackers used your information to carry out theft or fraud

Catherine Pinnegar, a medical negligence specialist at Wollens, said “Patient confidentiality is of the upmost importance and action must be taken when breaches are made. It can be very distressing to have personal information leaked or shared without consent.  At Wollens we have a history of assisting clients when data breaches have occurred”.



If you or someone you know has been affected by a medical personal data issue, you can contact Catherine Pinnegar for a free initial consultation on 01803 225112 or via email at [email protected] . One of the Wollens team will contact you as soon as they are available.