University Hospitals Plymouth apologizes after email blunder exposes patients’ addresses

Leaders at University Hospitals Plymouth in southwest England have issued an apology after a data breach inadvertently exposed the email addresses of 31 patients. The incident occurred when a complaints survey was sent without using blind copy, allowing recipients to see one another’s contact details.

Sarah Brampton, deputy chief executive of University Hospitals Plymouth, which operates Derriford Hospital, described the incident as a “genuine error” and confirmed that it has been reported to the Information Commissioner’s Office. She said the hospital took immediate steps to address the mistake and notify all affected individuals.

“This was a genuine error and it was reported immediately as a data protection incident,” Brampton said. “All affected individuals have been informed of the breach and we have offered our apologies for any concern it may have caused.”

Among those impacted was Plymouth resident Barrie Skinnard, 62, who had recently visited Derriford Hospital with his wife on September 8. After experiencing long waiting times, he submitted a complaint and later received the survey that exposed the other patients’ email addresses. Skinnard expressed concern that the mistake could lead to misuse of personal information, saying he wanted to “make sure it doesn’t happen again.”

University Hospitals Plymouth has pledged to strengthen staff training and reinforce data protection protocols to prevent similar incidents. “Safeguarding the confidentiality and trust of those who use our services remains an absolute priority,” Brampton said.