UK Hospital Somehow Manages To Turn A Patient's Private Message Into Its Voicemail Greeting

from the how-may-we-misdirect-your-call dept

We've covered a lot of data breaches on this site over the years. Most involve the leakage of personal info via unsecured databases or careless data handling. But I doubt we've covered anything as bizarre as this. (via Databreaches.net)

A Devon hospital has apologised after a caller’s voicemail, containing personal patient details, became the hospital’s answerphone message for more than seven hours.

During that time the caller was inundated with calls from patients giving details about their health problems believing they were ringing North Devon District Hospital in Barnstaple.

Somehow, through the magic/convolutions of business phone systems, the message a woman left while calling to set an appointment for her husband somehow became the message greeting callers who were unable to reach a live human being.

Adding inconvenience to possibly tortious injury, the hospital somehow managed to route a number of inbound calls to the person whose message it had accidentally co-opted, resulting in the person (who had yet to discover her personal information had been compromised) fielding phone calls from other patients, who ended up sharing their personal info with a complete stranger.

The woman, who asked not to be named, said: “I didn’t think any more of it until an hour and a half later an elderly man called our home phone talking about his private parts as he had a problem and had to have an operation.

“I said to him, ‘I’m ever so sorry but I don’t know what you’re talking about?’. He replied, ‘they have given me your number’.

The hospital's explanation for this incident isn't very reassuring. It places the blame on outdated equipment. Unfortunately for people who don't want their personal info handed over to complete strangers, there's no telling how many public and private entities could make the same claim about their phone systems.

She said: “The phone lines were redirected and I was told it was completely human error because some parts of the hospital are still using old answer machines."

And yet old answering machines are operated all the time without turning a message someone left into a voicemail greeting. Sure, it's not impossible. But good god is it ever unlikely.

Stupidity before malice, as the saying goes. There's no conceivable reason the hospital would want to generate this kind of press, so it would be irrational to think someone did this to deliberately harm this person. But harm was done nonetheless, and the combination of the UK's Data Protection Act and the GDPR could result in a pretty hefty fine for the hospital. The going rate is "4% of turnover [gross revenue]" -- something that has seen maximum fines rise from £500,000 (the amount charged Equifax) to £183 million (levied against British Airways).

Since the Devon hospital is unlikely to replace its hardware immediately, the risk of repetition still remains. Considering it's apparently never happened before, the risk is low -- but certainly not nonexistent. Adding humans to outdated tech will sometimes result in errors that aren't easily replicated. Given that we've heard nothing comparable to this in the many years this blog has been running, this hospital's inadvertent use of patient's sensitive message as its own answering machine greeting is likely to remain a data breach unicorn.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data protection, devon, health information, privacy, uk, voicemail
Companies: north devon district hospital


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 18 Oct 2019 @ 2:09pm

    Since the Devon hospital is unlikely to replace its hardware immediately, the risk of repetition still remains.

    The threat of a crazy fine is meant to prevent that—to make it cheaper to implement security than stick with the broken system.

    reply to this | link to this | view in chronology ]

    • identicon
      Bobvious, 18 Oct 2019 @ 5:51pm

      Re: outgoing messages

      "Thank you for calling the North Devon District Hospital. All our operators are currently engaged but you can choose one of the following voice selections:

      For Admin - say One
      For Accounts - say Three
      For Outpatients - say Seven
      To leave a recorded message - say Nine, or
      to be transferred to our German Translation department, say Nein."

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Oct 2019 @ 3:16pm

    Hospital can also be sued not only for GDPR, but for giving out private medical information, which is a protected class of data.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Oct 2019 @ 3:54pm

    Not sure how age or obsolescence can cause such a thing, or cause the human error which causes such a thing.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Oct 2019 @ 4:18pm

      Re:

      Pretty sure that "Age and Obsolescence" are fairly common causes of human error... And with the government looking to raise state pension age above the life expectancy of many parts of the UK, we'll see many more errors in the future.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 19 Oct 2019 @ 6:53am

        Re: Re:

        "Age and Obsolescence"

        idk, I remember making plenty of errors at every stage of life.
        How does obsolescence cause human error? Obsolete human knowledge or obsolete equipment being used?

        reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 18 Oct 2019 @ 4:32pm

      Re:

      I am fairly certain that this 'error' took much more than age or obsolescence. In fact, I am having a hard time figuring a way it wasn't deliberate, unless this was one of those answering machines that had two tapes, with the same size cassette, and for some obtuse reason the 'error maker' took both out at the same time and switched them.

      As feeble as that explanation might be, it doesn't answer the question about how someone decided to give out a patients phone number to other patients calling for advice. From my reading of the article, it wasn't on the message, though that might be a misinterpretation.

      reply to this | link to this | view in chronology ]

      • icon
        nasch (profile), 21 Oct 2019 @ 6:48am

        Re: Re:

        I am having a hard time figuring a way it wasn't deliberate

        If an error is possible, some user will accidentally find a way to make it sooner or later.

        reply to this | link to this | view in chronology ]

    • icon
      Matthew Cline (profile), 18 Oct 2019 @ 4:45pm

      Re:

      A possible scenario: the hospital has two different phone messaging systems, one old, one new, which have different series of button presses to do the same thing. An employee who has to use both systems used the old one while thinking it was the new one, entered the wrong series of button presses, and created this disaster.

      reply to this | link to this | view in chronology ]

  • identicon
    jojo, 22 Nov 2019 @ 2:14am

    Thank you so much

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.