Health & Medical
Data Breach Claims

The health and medical sector handles some of our most sensitive and confidential information. If you have been the victim of a medical data breach, we can help.

Get justice for a health or medical data breach violation

As patients, we expect our confidential medical data to be taken care of. But the UK health sector accounts for nearly half of all data breaches.

Moreover, as our health and social care system becomes increasingly digital, there are concerns that the robust protections required are simply not in place.

Our healthcare sector does a fantastic job, often under incredibly challenging circumstances. But data privacy is often treated as an afterthought. No one wants to sue the NHS, but sometimes making a claim is the only way to force improvements in patient security. It is also worth mentioning that the NHS is insured against compensation claims.

At Keller Lenkner UK, we help our clients make compensation claims against a wide range of healthcare organisations, including:

  • GPs
  • Hospitals/NHS Trusts
  • Dentists
  • Opticians
  • Individual healthcare staff
  • Private health companies
  • Pharmacies.

If you have been a victim of a medical data breach, we can help you make a no-win, no-fee claim for compensation.

Contact us today for a free, no-obligation, assessment of your case.

Cases we handle at Keller Lenkner UK

At Keller Lenkner UK, our data protection lawyers deal with a wide range of medical breach cases every day.

Keller Lenkner UK has gained an enviable reputation in data breach law. And, with a team of data breach experts led by Kingsley Hayes – arguably the UK’s foremost data breach solicitor – and considerable expertise in this field, it’s easy to see why. Here are just some examples of the health and medical cases our data protection lawyers have dealt with…

Kate's* breast surgery data breach

Kate had breast augmentation surgery at a leading UK clinic. She later started showing signs of breast cancer and made a subject access request (SAR) to the clinic to get a copy of her medical records. A SAR enshrines in law the right of access to your data, and organisations should provide the information requested via a SAR within one month.

The clinic failed to respond to the SAR, and Kate’s health deteriorated as a result.

We are helping Kate to claim compensation for the distress and avoidable damage to her health she has suffered as a result.

Tom’s* employment medical history data breach

After experiencing a period of sustained harassment at work, Tom took the matter to HR. During the subsequent formal grievance process, an employee left his confidential file on a trolley in his workplace. This file not only contained details of the harassment Tom had suffered, but it also contained ‘special category’ data such as an in-depth record of his medical history, including his numerous and severe health conditions, details of counselling sessions he had attended, and GP meetings.

Tom has no idea who, or how many people, have seen these records, and his mental health has deteriorated as a result.

We are helping Tom to claim compensation for the distress he has suffered because of this breach.

Denise's* clinical trial data breach

Denise took part in a clinical trial when she was a student. Some years later, cybercriminals attacked the computer systems of the medical research company and published her personal and medical details online.

Denise became very distressed due to the extremely sensitive and confidential information accessed (which included photographs and confidential medical records).

We are helping Denise claim compensation for the distress and loss of data privacy suffered because of this breach.

*Names have been changed to protect client confidentiality.

Our current health & medical actions

In some cases, you won’t be the only person to experience a medical data breach. In these instances, it might be worth joining a data breach group action. Our current medical group actions include:


Transform Hospital Group

In December 2020, UK cosmetic surgery provider Transform Hospital Group Ltd., also known as The Hospital Group, admitted that it had been hit by a ransomware data security attack. This incident resulted in the theft of extremely sensitive customer data.


Hammersmith Medicines Research

The Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR) – a company which performs early clinical trials of drugs and vaccines. The criminal group had previously promised not to attack medical organisations during the coronavirus outbreak.


Why claim medical data breach compensation?

Hold organisations to account for failing to protect your private information.

Receive financial compensation for your losses.

Force organisations to implement better data security.

Why use Keller Lenkner UK to make a claim?

We are one of the most experienced multi-claimant law firms in the UK.

We represent clients in group actions and individual cases with innovation, resources, and expertise.

We work with expert barristers to ensure you get the very best level of legal support available.

We have all the resources and global expertise necessary to take on complicated cases and win.

We have offices in Chancery Lane London, Birmingham and Liverpool, and the technology to provide a nationwide service, so we can help clients across England & Wales.

We use technology to deliver a better legal experience to our clients.

We work on a no-win, no-fee basis.

We make the process straightforward and hassle-free.


Latest news


More information comes to light on huge medical data breach. Are you affected?

In November 2021, medical organisations across the UK were compromised when document management company Stor-a-File experienced a cyberattack. In total, 13 organisations were affected, six of which are healthcare-related. After Stor-a-File reportedly rejected a ransom of £3 million in Bitcoin, the criminals exposed very private and sensitive medical information online on the dark web.


Lister Fertility Clinic data breach puts patients at risk

The Lister Fertility Clinic, which treats around 2,000 patients each year, has experienced a data breach. Sensitive medical information, including consent forms, medical history, test results, recommendations for treatment, and fertility treatment records, could all now be at the mercy of cybercriminals. About 1,700 patients are affected.


The NHS has shared hospital data with more than 40 companies

According to an article in the Financial Times, the NHS has shared a wealth of data with several companies. Any organisation can apply for access to NHS patient data, but while some use it for planning and research purposes (e.g. local governments, public bodies, and universities), the Financial Times has discovered that it was also shared with 43 commercial businesses.


What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial losses

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.


GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never be pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, PIN or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.