Recent Breaches
Breaches
2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen2026HertzUndisclosed stolenUndisclosed records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026HertzUndisclosed stolenUndisclosed records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen
View All →
Breaking NewsUpdated as information becomes available
Back to Knowledge Vault
Breach AnalysisBreaking10 July 20264 min read

NHS Chief Condemns Patient Record Snooping

Sir Jim Mackey has warned 40 NHS workers who accessed a child's medical records. Mark Fermor explains how air-gapped storage prevents insider snooping.

Mark Fermor

Mark Fermor

Director & Co-Founder, Firevault

Share
An empty hospital corridor at blue hour with a closed steel records cabinet, representing secure offline patient data storage.

NHS chief Sir Jim Mackey has issued a stern condemnation of medical staff who access patient records out of curiosity, describing such actions as a disgraceful breach of trust and a violation of the law. The warning comes as Cambridge University Hospitals (CUH) launches an investigation into a significant insider breach involving the records of a three-year-old child.

What Happened

On 8 July 2026, Sir Jim Mackey launched a national NHS campaign to educate employees on the legalities of data access and the severe consequences of misconduct. This initiative follows a series of high-profile incidents across the United Kingdom. Most recently, CUH referred itself to the Information Commissioner''s Office (ICO) after approximately 40 staff members accessed the medical records of a young boy injured in a crocodile pit at Johnson''s Zoo on 18 June 2026. The trust is currently investigating whether these individuals had any valid clinical reason to view the files.

This is not an isolated occurrence at the trust, which recently dismissed five other staff members for inappropriate record access. Similar breaches have occurred elsewhere; Nottingham University Hospitals NHS Trust dismissed 11 employees in May 2026 for snooping into the records of the victims of the 2023 Nottingham stabbings. Furthermore, a former healthcare worker was recently cautioned by the ICO for attempting to obtain and sell the medical records of the Princess of Wales.

What Data Was Exposed

The breaches involve sensitive medical histories, treatment plans, and personal identification details of patients. In the case of the CUH incident, the private medical data of a minor was exposed to dozens of unauthorised viewers. Such data is highly sensitive and protected under strict confidentiality laws, yet it remains vulnerable to "insider curiosity" where staff use their legitimate credentials to view high-profile or sensational cases.

Why This Matters

When staff members abuse their access rights, it undermines the fundamental relationship between the patient and the healthcare provider. Chris Dzikiti of the Nursing and Midwifery Council noted that confidentiality is a cornerstone of professional practice. Beyond professional disciplinary action, these breaches can lead to criminal prosecutions by the police and the ICO.

"The human element remains the most unpredictable threat vector in data security," says Mark Fermor, co-founder of Firevault. "Technical safeguards like multi-factor authentication are essential, but they cannot always prevent a motivated insider with valid credentials from browsing sensitive files. This trend of curiosity-driven breaches proves that even the most trusted environments are at risk when data is constantly available on a live network."

The Offline Alternative

To mitigate the risks of insider snooping and mass data exposure, organisations must reconsider how and where sensitive archives are stored. Firevault provides a robust solution through Layer 1 physical air gap storage. By keeping data physically disconnected from the network when it is not in active use, Firevault ensures that sensitive records are not available for casual browsing by unauthorised staff or external hackers.

Mark Fermor explains that the Firevault approach removes the constant "online" temptation. "If sensitive patient archives are stored in a physically isolated environment, they cannot be accessed on a whim. Our air-gapped technology ensures that data is only accessible when specifically required, providing a definitive barrier against both malicious intent and misplaced curiosity."

Key Takeaways

  • Insider threats are pervasive as demonstrated by the 40 staff members who inappropriately accessed a child''s medical records at Cambridge University Hospitals.
  • Severe consequences await offenders including summary dismissal, permanent loss of professional registration, and potential criminal prosecution.
  • High-profile cases attract snooping with recent breaches involving victims of violent crime and members of the Royal Family.
  • Technical safeguards are insufficient on their own, as they do not stop authorised users from acting outside of their professional remit.
  • Air-gapped storage offers protection by removing sensitive data from the live network, thereby preventing unauthorised viewing and ensuring long-term data integrity.

About the author

Mark Fermor

Mark Fermor

Director & Co-Founder

Co-founder of Firevault, focused on offline secure storage and protecting individuals and businesses from fraud, fines, loss and damage. Speaker, owner and advisor.

Share this article

Breaking News
Breach Analysis10 July 20264 min read

NHS Chief Condemns Patient Record Snooping

Sir Jim Mackey has warned 40 NHS workers who accessed a child's medical records. Mark Fermor explains how air-gapped storage prevents insider snooping.

NHS Chief Condemns Patient Record Snooping
Mark Fermor
Published by Mark Fermor, Director & Co-Founder