FALKLAND ISLANDS GOVERNMENT

PRESS STATEMENT

28 August 2025

 

Falkland Islands Government Apologises for Hospital Data Breaches

 

The Falkland Islands Government (FIG) and the King Edward VII Memorial Hospital (KEMH) have today made a wholehearted and unequivocal apology to those in the community that were affected by the breach of privacy by two former KEMH employees, and for FIG’s failure to proactively manage and follow up these breaches at the time.

 

The full apology was delivered today on behalf of FIG by the Chief Executive Andrea Clausen at a meeting of the Legislative Assembly and will also be published in today’s edition of the Penguin News.

 

In 2019 and then again in 2022 it was discovered, following enquiries from patients about access to their confidential medical records, that members of staff at the KEMH, with no connection to those specific episodes of care, and without any legitimate or justifiable reason to view those episodes of care had been doing so.

 

The apology acknowledged that when confidential information is held and used by an organisation, a duty of trust exists whereby service users can reasonably expect their data to be held securely and only viewed and used for legitimate reasons which are directly linked to the operation of the organisation holding that data. For some individuals affected, the data breaches have caused emotional distress and, in some cases, may have deterred those individuals from accessing certain services due to a loss of trust.

 

The apology went on to note that individual circumstances of each person affected are different, meaning that for some individuals these breaches may have caused considerable emotional distress which may have regrettably impacted on other aspects of their lives. FIG and KEMH deeply regrets any emotional distress caused and any subsequent impacts of this.

 

It is accepted that those affected by the first data breach had to wait four years for any detailed apology despite the KEMH and FIG being aware that their right to confidentiality had been breached. Whilst the KEMH and FIG have since made previous apologies, it is now recognised that a meaningful apology which reflects the full impact of the data breaches on all members of the community and complies with best practice has not previously been made.

 

FIG Chief Executive Andrea Clausen said: “We hope the community will accept this apology as genuinely meant; recognising both the impact on those affected and the need to ensure steps are taken to reduce the likelihood of such circumstances occurring again in the future”.

 

An independent external review to learn from previous breaches and to improve on current practices is to be arranged. The terms of reference for this review have been developed in consultation with the representative group Justice4Patients. This review will seek to understand how data breaches have been handled by the KEMH and FIG, what further lessons can be learned, and what additional measures can be taken to further strengthen information governance and improve our response when things go wrong. Those impacted by the data breaches will have the opportunity to meet with reviewers to detail the impact it has had on them. The results, recommendations and action plan will be made public.

 

Members of the community who feel that their concerns in relation to these data breaches have not been heard, or recognised, and who wish to receive a personal apology may request an appointment with the Director of Health and Social Services by calling 28017 or e-mailing pa.dhss@kemh.gov.fk