A health board is under scrutiny after an unidentified woman, posing as a nurse, successfully infiltrated St Andrews Community Hospital in Fife, Scotland. The incident, treated as a failed coup attempt, resulted in the theft of medical records belonging to 14 patients, sparking concerns about data security and patient safety.

The woman, masquerading as an agency nurse, managed to assist with patient care and access sensitive medical records during the breach in February. Although she was challenged and left the premises shortly afterwards, the health board acknowledged that the individual had access to a handover document containing patient information.

NHS Fife, which operates the facility, expressed regret and issued an apology to those affected. The incident was promptly reported to Police Scotland, and the Information Commissioner’s Office (ICO) is investigating the security breach.

The stolen documents, including treatment plans and SBAR (situation, background, assessment, recommendation) records, contained personal identifiers and special health category data. Patients and their families have been informed of the breach, and additional security measures have been implemented to prevent a recurrence.

St Andrews Community Hospital, housing two inpatient wards, specialises in providing rehabilitation for older individuals and those with complex discharge needs.

The ICO reprimanded the health board, citing a lack of identification checks and an unclear process that facilitated the unauthorised access to patient records. The report noted that CCTV on the ward had been accidentally turned off at the time, complicating efforts to identify the culprit.

Acknowledging a “potential ongoing risk” to patients, the ICO emphasised the unknown intentions of the individual involved. Police Scotland, who received the report on February 1, 2023, confirmed that inquiries have been conducted, but no arrests have been made.