The UK's National Health Service had 16 breaches that exposed 1.8 million health records during the 12-month period ending in July 2012, the Daily Mail reports.
Some of those breaches have resulted in hefty fines imposed by the Information Commissioner's Office, which has the power to fine organizations that violate the Data Protection Act.
The ICO issued fines totaling £1 million during the one-year period, the Daily Mail reported.
Details on Fines
The largest breach penalty was against Brighton and Sussex University Hospitals NHS Trust, which was fined £325,000 for a breach involving hard drives containing healthcare information on tens of thousands of individuals that were sold on the Internet.
That fine has since been appealed by the trust on the grounds that the organization had arranged for an experienced IT service provider to dispose of the hard drives and that it acted swiftly to recover the hard drives put up for sale on eBay.
In June, Belfast Health and Social Care Trust was fined £225,000 for a breach incident related to sensitive patient information that was left at a closed hospital (see: £225,000 Fine for Not Securing Records).
The Central London Community Healthcare NHS Trust was fined £90,000 in May for a breach involving patient lists repeatedly faxed to the wrong recipient (see: London NHS Trust Fined Over Breach).