Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.

EXCLUSIVE: NHS Tayside data breach probe after 125 patient records released in error

Health board chiefs are conducting an internal review after an intervention by The Courier prevented patient records leaking on to the internet.

Ninewells Hospital in Dundee.
Ninewells Hospital in Dundee, NHS Tayside HQ. Image: DC Thomson.

NHS Tayside has launched an internal review after it mistakenly released the medical records of 125 patients.

The blunder happened after a Freedom of Information (FOI) request by The Courier regarding the number of people treated for animal-related injuries in recent months.

Rather than revealing how many hospital admissions there were, NHS Tayside sent us a spreadsheet which included the home addresses, birthdates and health conditions of 125 people – making it possible to identify named individuals within seconds.

One of the patients affected, who asked not to be named, told us: “I’m horrified. How on earth can this happen?”

The health board has apologised and launched an internal review to improve its data security.

It has also referred itself to the information regulator, which is “assessing” the data NHS Tayside provided.

Health chiefs plan to contact those whose names appear on the spreadsheet to apologise and explain how the error happened.

‘I’m shocked’

The Courier was able to raise the alarm before NHS Tayside published the confidential data on its website, as it usually does in response to FOI requests.

The patient, a woman who lives in a rural part of Tayside, added: “I’m shocked.

“The fact that someone has released the precise details of my hospital admission is very worrying.

“My first reaction is to be horrified. My second reaction is that it is just a really bad case of human error.

“I really hope that someone from NHS Tayside contacts me – and everyone else affected – immediately. It’s a lot to process.”

The spreadsheet, to which The Courier has since relinquished access, revealed dozens of fields of information about each patient’s medical treatment.

But our reporter was shocked to see ages, dates of birth and unique patient numbers.

Neighbouring boards, such as NHS Highland, provided general, anonymised numerical data explaining how many incidents there were.

Another local impacted by the data breach said: “This is simply infuriating.”

Health board apology

An NHS Tayside spokesperson said: “A spreadsheet was sent to a journalist in error on December 9 2024 as part of a freedom-of-information response.

“The document contained personal details of people who had been treated for injury caused by animals between April 2023 and September 2024.

“We have written directly to those affected to inform them of this error and to sincerely apologise.

“We have explained to the patients involved how this happened.

“However, we know that those impacted by this will have concerns about their data being mistakenly shared in this way and we are very sorry for this.

“We would like to reassure all those affected that we have taken a number of immediate steps to prevent this happening again.

“The breach has also been reported by NHS Tayside to the Information Commissioner’s Office (ICO) and also recorded on our DATIX incident reporting system.

“In addition, the chief executive has commissioned a learning review to evaluate systems and processes currently in place and identify actions to improve data security across NHS Tayside.”

Latest NHS Tayside data gaffe

The error is the latest in a series of data breaches committed by NHS Tayside in the last two years.

North-east MSP Maurice Golden said: “It is utterly shocking that this has happened.

“Human error is one thing, but this has now happened so often that you wonder if there are systematic problems.

“This should be discussed at the next NHS Tayside board meeting and there should be a root-and-branch review of data collection, storage and distribution.”

North-east MSP Maurice Golden. Image: Richard Gardner.

He added: “Clearly, The Courier has handled the situation in an admirable way by raising the matter with NHS Tayside at the first opportunity to ensure the board didn’t publish it on its website.

“Had this data gone to a private individual or a less-scrupulous source, it could have found its way onto the internet or social media and then it would be out of control.

“My concern is that this spreadsheet was not password protected.

“I feel for the people whose information was released and I hope this does not lead to people having second thoughts about seeking treatment in case their details are made public.”