Health firm told to make changes after cyber scam
PA MediaFirst Contact Health has been told to make changes to its security measures by Guernsey's Data Protection Authority.
It found the company broke data protection laws and did not have sufficient measures in place to protect personal data, after an employee fell victim to a cyber scam.
The authority said it was first reported to them in May 2024, with it saying the company failed to implement further measures to reduce the risk of unauthorised access to the account.
First Contact Health said that since the incident, the clinic has completed a comprehensive system-wide security upgrade to ensure the continued protection of patient data.
It added: "We want to reassure our patients that our primary Electronic Medical Record (EMR) system - which stores the vast majority of patient files - was not breached.
"The incident involved very limited information pertaining to a small number of patients. Those specifically affected have been contacted directly."
The company said that there has been system upgrades, a schedule for regular, rigorous security audits and collaborative protection.
Follow BBC Guernsey on X and Facebook and Instagram. Send your story ideas to channel.islands@bbc.co.uk.
