Guernsey's Medical Specialist Group has been fined £100,000 for a data breach involving stolen patient emails.
24/10/2025
The cyberattack happened in August 2021, but took more than three months to discover.
Criminals had accessed the firm's email server.
The Data Protection Authority says emails were stolen and patients targeted by phishing scams, leaving thousands of people vulnerable to theft.
The MSG reported the breach, and the Authority began an investigation.
It found the firm had 'failed to take reasonable steps to ensure the security of personal data', including by routinely failing to install security updates over a 13-month period.
The ODPA said the contraventions of the Data Protection Law were at the 'more serious end of the scale' because of the sensitive nature of the personal information that was impacted.
Commissioner Brent Homan said: “Medical information demands the highest level of safeguard protection against cyber-attacks, and the sanction in this matter reflects that the measures in place at MSG fell well short of legal requirements”
The MSG says it has since made a major investment in its cybersecurity systems and staff training.
MSG Chief Executive Dr Farid Fouladinejad said: "Protecting our patients’ information is one of our highest priorities.
"Four years ago, we were hit by a global cyber incident that affected many organisations in public and private sectors across the world.
"Since then, we’ve taken significant steps to strengthen our systems and ensure we meet the highest standards of data security.
"Our plan for the next 12 months will take us to an even higher level of security."
The fine will be reduced by £25,000 if the practice implements all the changes within the next 14 months.
Commissioner Brent Horman said the action plan exceeds what his office would have expected.
"I am confident that when the plan has been fulfilled, Bailiwick residents, many of whom use MSG’s services, should benefit from an exceptional level of protection for their health information.”
https://www.channel103.com/news/guernsey/guernseys-msg-fined-100k-for-patient-data-breach/
The Team
Meet the team of industry experts behind Comsure
Find out moreLatest News
Keep up to date with the very latest news from Comsure
Find out moreGallery
View our latest imagery from our news and work
Find out moreContact
Think we can help you and your business? Chat to us today
Get In TouchNews Disclaimer
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.