Health sector responsible for one in five data breaches, research finds

The health sector was responsible for the highest number of data breaches in 2023, uncovering persistent compliance issues in the sector, according to research.

Solicitor Hayes Connor analysed information on reported data breaches collected by the Information Commissioner’s Office (ICO). It found 17.42% of breaches were reported by the health sector, ahead of education and childcare (14.44%), finance, insurance and credit (10.93%) and local government (9.90%).

Basic personally identifiable information was the most common kind of data breached in the health sector (73.21% of incidents), followed by health data (61.66% of incidents).

Unauthorised access to data was the most common type of incident in the health sector (18.70% of breaches), while data emailed to the wrong recipient was the second most common (16.22%).

The analysis found 43.88% of health sector breaches were reported past the 72-hour deadline mandated by the General Data Protection Regulation (GDPR), risking substantial fines. Failure to notify a breach when required to do so can result in a significant fine of up to £18m, or 4% of a company’s global turnover.

Richard Forrest, legal director at Hayes Connor, said: “Despite regulatory advancements, and the introduction of stricter compliance mechanisms, the rate of data breaches remains a serious concern. The recent ICO trends portray a continuous need for vigilance and updated compliance strategies from businesses, especially in how they manage and protect personal data against emerging cyber threats and human error.”
