An organisation set up to focus on the delivery of health and social care on the Isle of Man has been given a three-month deadline to stop data breaches.

Manx Care will be ordered to pay £170,000 if they fail to prevent breaches of people’s private data within the next three months.

This warning comes after 1,870 people received an email attachment showing people’s confidential health information in 2021.

Originally, the deadline for Manx Care to sort out the issue was December 31, 2022; however, it has now been changed to March 31, 2023, to give the health care provider more time to develop secure systems.

Iain McDonald said: “The extension had been put in place because work to ensure the security of patient data being distributed internally had commenced. However, there was still significant work to be completed.”

Manx Care was already struggling to handle confidential data before the distribution of the email in October 2021.

In July 2022, the organisation was imposed with a financial penalty if they failed to comply with making its data systems more secure.

“If Manx Care fails to comply with the notice by March 31, the fine would become immediately payable and limitations would be put on the health care provider’s use of internal emails to transmit personal data,” said Iain.

Teresa Cope, Chief Executive for Manx Care, said: “A comprehensive action plan to address the issues had been submitted to the commissioner, including policy development, the changing of a global address list and putting in place a secure email system.

“Work was also under way to increase the information governance staffing to ensure the notice could be complied with, and monthly updates on progress with the plan would continue to be provided to the commissioner’s office.”

Get our free newsletters

Stay up to date with the latest news, research and breakthroughs.