NHS Lothian staff member charged following unauthorized access to patient medical records
Learn More
NHS Lothian reports a data breach on October 31, 2025, after approximately 100 patient medical records were accessed by a staff member in what appears to be an insider threat incident.
The breach was discovered by monitoring systems designed to detect unauthorized access to confidential patient information. The incident triggered an investigation that resulted in criminal charges . The exposed data includes:
- Patient medical records
- Personal identifying information (names, addresses)
- Medical conditions and diagnoses
- Treatment histories
- Appointment dates and details
- Dates and locations of inpatient admissions and discharges
- Other health information protected under patient confidentiality regulations
The breach affected approximately 100 NHS Lothian patients in the Edinburgh area. Letters were sent to all affected individuals to inform them that their medical records may have been inappropriately accessed.
Police Scotland confirmed that a woman has been charged in connection with the data breach. The individual in question is no longer employed by NHS Lothian. The health board declined to provide specific details about the employment termination, stating "we do not comment on individual members of staff."
