phone-red Call us about IT Support in London 020 7572 0000

Edinburgh mental health clinic sued over data breach in May

Byte-size Bulletin by Rachael Brown in Security, News on Jul 2, 2021


When hairdresser Ava Spence signed up for treatment at a local mental health clinic in Edinburgh, she thought her data would be safe. Secure. Protected. 

Then in May 2021, the clinic experienced a major data breach at the hand of scammers. This scam, which took the form of phishing emails containing fraudulent clinic documents, compromised the personal data of hundreds of clients, putting their professional and private lives at risk. 

Spence had until then, trusted the clinic and its professionals with handling some of her most intimate personal details. Now? Her personal data, including everything from her address to her private medical history, is in the hand of anonymous cybercriminals. 

So she's decided to sue. 

Spence is part of a growing number of clients taking legal action against businesses that fail adequately to protect consumer data. A trend which, as more and more UK businesses are victimised by cyber criminals, will only continue to grow. 

The data breach of this clinic highlights how easy it is for cyber criminals to attack institutions, even those which should have rigorous security in place due to their handling of especially sensitive personal information.

This incident teaches us all a valuable lesson. Business owners operating today don't have the luxury of scrimping on security. The damage of a cyberattack is extensive, with long-lasting legal and financial repercussions that can haunt companies and individuals for years.

While you may be able to restore your data after a cyberattack, there is one thing you may never be able to restore.  

And that is? Your client's trust.

Because every scam, at its core, takes advantage of one thing - a system of trusted communication. We share highly personal information in a professional or social context because of this trust. When cyber criminals exploit this trust to steal personal data? it's extremely easy for a client to feel their trust was misplaced. 

For businesses, operating successfully without this trust , where your clients know they can rely and depend on you, is simply impossible. It's embarrassing and ruinous to make your business, in the chain of communication, look like the weakest link. 

These scams are simple but scarily effective.  Absolutely anyone can be affected, especially those who dismiss the risks. Pay attention to the messages you receive, enable two-step verification on all of your devices, and never give passwords or SMS security code details to anyone, no matter how trusted they may be.  

This Edinburgh clinic serves as a cautionary tale for every business that is underprepared and unprotected - act now to strengthen your cybersecurity, before you face similar threats. 

Image Credit: Adobe Stock 

Subscribe to our Bulletins

Free Download

Is IT a bottleneck to your company’s growth?

Discover how small business IT support can be a strong ally in making you more productive and competitive.

Download Ebook