Extremely sensitive ‘special category data available on the dark web following the Lister Fertility Clinic data breach

doctor using a computer
Share on facebook
Share on twitter
Share on linkedin

In November 2021, Lister Fertility Clinic was one of six healthcare organisations affected when Stor-a-File experienced a cyberattack. The affected companies all used Stor-a-File’s services to help manage their patient data.

After Stor-a-File allegedly refused to pay a substantial Bitcoin ransom to the cybercriminals, the hackers exposed information stolen during the attack on the dark web. At the time, many feared that the leaked data included very private and sensitive medical information. Unfortunately, the Lister Fertility Clinic has since confirmed these fears.

Lister has written to some affected patients to let them know that scanned medical records of tests and procedures were amongst the data uploaded to the dark web by the cyber gang. This type of information is classed as “special category “data, which makes this breach extremely serious.

What is special category data?

The ICO (the UK’s data protection regulator) describes special category data as “personal data that needs more protection because it is sensitive”.

Under UK law, in addition to the usual data protection rules and regulations, any organisation that processes (uses or holds) special category data must also meet additional conditions and safeguards. If special category data falls into the wrong hands, the potential impact to the individuals it is about could be devastating.

While Stor-a-File experienced the cyberattack, this does not let the Lister Fertility Clinic off the hook. Any organisation that shares data with third parties must undertake extensive due diligence to ensure that these partners meet the required data protection standards. This is especially important where special category data is involved.

If Stor-a-File did not have adequate processes and security in place and the Lister Fertility Clinic did not carry out the correct checks, the Clinic could be liable for any losses and distress experienced by victims of the data breach.

More special category data is thought to be affected by this breach

In total, six healthcare organisations were affected by the Stor-a-File data breach and thousands of patients are believed to be affected. Highly sensitive medical records, including “details of abortions, HIV tests and mental health issues” have been linked to the breach. Other stolen records relating to people suffering from anorexia, addiction and erectile dysfunction are also said to be involved.

The Lister Fertility Clinic is not the only healthcare organisation affected. Documents released on the dark web reportedly include details of British women who have had abortions at clinics run by Marie Stopes and British Pregnancy Advisory Service (BPAS). Several patients’ who attended Nuffield Health Hospital have also had their medical documents accessed during the cyberattack.

Make a compensation claim

If you were a patient of the Lister Fertility clinic, or any other organisation affected by this data breach, you could have a compensation claim. We can help you claim for any emotional distress suffered and any other losses experienced due to the violation (e.g. if cybercriminals used your details to carry out theft or fraud).

The compensation awarded could be substantial because of the sensitivity of the information exposed.

Contact us in confidence to discuss your case.

Contact us to discuss a data breach claim.

Share this article:

Share on facebook
Share on twitter
Share on linkedin