Virgin Healthcare Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Virgin Healthcare Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Virgin Healthcare Data Breach

I Was Subject To A Virgin Healthcare Data Breach, Can I Make A Claim?

Since the introduction of the General Data Protection Regulation, or GDPR as it’s more commonly referred to, you have more control over how medical service providers use your personal information. The GDPR was passed into UK law by The Data Protection Act 2018 and means that your data needs to be kept safe and secure at all times. In this article, we’re going to show what harm could result if a Virgin Healthcare data breach were to occur and when that might mean you’re entitled to compensation.

Virgin Healthcare data breach claims guideThe implementation of the GDPR means you now have a lot more say over who can process your personal information, what they’re able to do with it and if they’re allowed to share it with others. In most cases, organisations have introduced processes and procedures which mean your data is safe, but accidents can still happen. We’ll therefore look at the types of data breach that can take place and when the Information Commissioner’s Office (ICO) could fine a company for breaking data laws.

If you would like free advice about claiming for a data breach, Legal Expert is here for you. Our advisors will assess your claim on a no-obligation basis and refer your case to a specialist solicitor if it has a reasonable chance of success. If the solicitor agrees to take your claim on, the work they carry out for you will be completed using a No Win No Fee service.

To begin a medical data breach claim today, please call us on 0800 073 8804. Or, if you’d prefer to find out more about claiming for a Virgin Care data breach before calling us, please continue reading.

Select A Section

A Guide To Data Breach Claims Against Virgin Healthcare

Every time you sign up to a new medical service, book an appointment or sign for treatment, you’ll probably see tick boxes asking you to agree to how the organisation can use your personal information. This is because they have to request your permission to store, use or share data about you.

By asking you to process your information, the company is fulfilling its duties under the GDPR. The most important duties they need to comply with once they have your permission is to ensure they keep your data secure and only use it for the reasons you’ve agreed to.

As you go through this guide, you’ll read about the ways in which a Virgin Healthcare data breach might happen, what problems they can cause and when you might want to request compensation for any suffering. If you do decide that you would like to claim, you need to be aware of the time limits for doing so. In most cases, you’ll have 6-years to submit your claim, but this can be reduced to a single year if your claim relates to a breach of your human rights.

While the limitation period does appear to be a long time, we’d always suggest starting your claim as soon as you’re able to. We say that because, from our experience, it’s much easier to recall how you were affected in the months after you’ve found out about the data breach than it is a few years along the road. In addition, a solicitor is likely to find it easier to request evidence relating to your claim the earlier they start working on your case.

For free advice on claiming, or to start a case with Legal Expert, why not contact a member of our team today?

What Is A Data Breach By Virgin Healthcare?

The definition of a personal data breach, in relation to the GDPR, is when a breach of security means that personal information about you is accessed, disclosed, lost, destroyed or altered using methods that have not been agreed by you. The reason for the data breach might be deliberate, illegal or happen by accident.

Also, the data doesn’t have to be digital; data breaches can involve physical documentation as well. For example, if a letter containing your personally identifiable information is posted to the wrong address, a data breach will have occurred.

While this article is about a Virgin Healthcare data breach, the information we’ve supplied could be used in relation to other healthcare providers too. Therefore, if you’d like to discuss a healthcare data breach with our team today, please call the number at the top of the screen.

GDPR Health Data Security And Privacy

To help understand the responsibilities organisations have under the GDPR, we’re going to look at some roles that it defines:

  • The data controller – this is the company who is responsible for explaining why your data needs to be processed and how it will be collected.
  • The data processor – the company, organisation or individual that will collect information on behalf of the controller.
  • A data subject – the individual whose personal information is going to be collected and processed.

Also, the GDPR sets out some important data principles:

  • The data subject must be told clearly of the reason behind why their data needs to be processed.
  • Any processing of data needs to be transparent to the data subject, fair and legal.
  • Processing of personal information needs to be completed confidentially and securely.
  • When processing data, only the minimum required to fulfil the purpose should be collected.
  • Personal information which is stored should be kept up to date.
  • The data that is processed should only be retained for as long as agreed when it’s collected.
  • Data controllers need to show that they are compliant with these data principles.

If you believe an organisation has leaked your data because they failed to comply with these rules, speak to an advisor today for free advice on your options.

Types Of Data Breaches Which Could Be Made By Private Healthcare Companies

As the world advances, more and more information about us is stored electronically. However, it’s quite possible for a data breach to occur because of mistakes made when handling other types of data.

Here are a few scenarios that could lead to personal information about you ending up in the wrong hands:

  • Where printed documents are thrown away in bins rather than being securely disposed of.
  • If a computer screen is left unlocked, allowing unauthorised parties access to your records.
  • When a member of staff who has no medical reason to do so looks up your records.
  • If a letter containing your information is sent to another patient.
  • When the organisation’s computer systems are attacked by malware, ransomware or viruses.
  • If a company shares data, including information about you, with another company that you’ve not approved.

The ways in which an organisation finds out about a security breach varies from case to case, but could include:

  • A member of the public informs them they’re in possession of personal documents.
  • When an internal audit identifies a problem.
  • If a hacker demands a ransom for the information they’ve obtained.
  • Where a patient realises that their personal information has been used illegally.

When a breach is identified, though, the organisation needs to provide details of what happened, the information that was leaked and when the breach happened to those affected, as well as the ICO.

If you’d like us to advise you on a Virgin Healthcare data breach, please let us know what information you have available and we’ll assess your case for free.

Fines Issued By The ICO Against Private Healthcare Companies

As mentioned earlier, the ICO has the power to issue companies with large fines if they break data protection rules. The fine can be up to 4% of a company’s turnover or 20 million euros. In this section, we’re going to consider some data breaches in the medical industry.

In the first case, a company had to inform the ICO of a data breach involving its app which allows patients to undergo video consultations with their GP. In this breach, 3 patients could see video recordings of consultations involving other patients when they logged in to the app.

The company, Babylon Health, acted quickly to secure the fault which happened as the result of a software error. Following the self-referral to the ICO, the company were issued with advice relating to the breach.

In total, 1 patient had viewed videos that were presented to them in the app while 2 others who were presented with the links did not open them.


In our second case, BUPA Health has alerted customers who held international private health insurance that an employee had copied and removed customer information from the company’s computer systems.

The personalised data included names, nationalities, dates of birth and some contact information relating to about 108,000 customers. BUPA made it clear that no financial information had been leaked and apologised to its customers. It also had to explain that the stolen data is believed to have been passed on to other healthcare organisations.

Following the company’s own investigation, the member of staff was dismissed from the company and BUPA are taking legal action against them. The company’s statement relating to the matter did not make it clear whether the ICO were contacted or whether any fine for the data breach had been issued.


How The Information Commissioner’s Office Could Help

When you decide that making a Virgin Healthcare data breach claim is what you’d like to do, you will need to gather evidence to prove what happened and how you were affected. To do so, you could complain to Virgin Healthcare directly and also to the ICO if you’re not happy with the outcome of your initial complaint.

When you formally complain to Virgin Healthcare, they are likely to carry out an internal investigation to find out what happened. They should then respond to you with their findings. When they do so, if you’re not happy with the outcome of their investigation, they should explain how you can escalate your complaint. If you follow that route and you’re still not happy, you could ask the ICO to investigate.

The ICO advises you to get in touch with them after it’s been 3-months since your last communication with the company you’re complaining about. If you go too far beyond that the ICO could refuse to step in. However, although the ICO is able to issue fines when a company breaks data protection laws, they won’t be able to award you any compensation.

Therefore, if you’re seeking compensation, you’ll need to make a legal claim against Virgin Healthcare yourself. If you’d like Legal Expert to help with that process, we suggest contacting our advisors before going to the ICO. Then, if your claim is accepted, your solicitor will have two options:

  1. Trying to reach an amicable settlement directly with Virgin Healthcare without involving the ICO.
  2. Advising you to make a request to the ICO to find out more about what happened before starting a claim.

To discuss how we could help you begin your claim, please discuss what actions you’ve taken so far with a member of our team today.

What Could I Claim For A Medical Records Data Breach?

When you start a claim for a Virgin Healthcare data breach, your solicitor will usually break the claim into two parts:

  • Material damages – used to compensate the victim for any financial losses the data breach has caused.
  • Non-material damages – used to compensate the victim for psychological injuries that have been caused by the data breach.

While we can’t list every single item you could claim for in this article, because every data breach victim is affected differently, we can explain the process a solicitor will follow to try and ensure you receive the correct amount of compensation.

For example, when they consider the financial impact, they might need to look at potential future losses as well as those you’ve already incurred. An example of this could be if your personal information was sold onto criminal networks, meaning it could impact your ability to obtain credit for many years to come.

Additionally, if you’re claiming for psychological injuries, your solicitor will use medical reports to try and show what impact the anxiety, stress or depression has had on your ability to cope with life, work or education and any impact on your relationships.

The process your solicitor will go through is important because they need to make one single claim. That’s because you can’t ask for compensation now and then go back in a few years’ time if you realise you’ve been affected in ways you hadn’t thought about. Once a claim is finalised, it becomes settled in full.

If you would like one of our specialist solicitors to review your case thoroughly, please get in touch with a member of our team today. They’ll conduct an initial assessment of your case and if it appears viable could refer you to one of our solicitors right away.

Calculating Healthcare Data Breach Compensation

You’re probably interested in how much compensation is paid for a data breach. While we can’t provide exact figures here, we can provide some example compensation figures in the table below.

It’s important to point out that due to a case heard by the Court of Appeal, Vidal-Hall and others v Google Inc [2015], it is possible to claim for psychological injuries even if you don’t suffer financially. In addition, the ruling said that payments for non-material damages should be settled in line with personal injury law.

The data in our table shows example figures from the Judicial College Guidelines which is used by courts and lawyers to calculate settlement amounts.

Type of InjurySeverity LevelCompensation BracketFurther details
Psychiatric DamageThere are four factors considered when awarding compensation for psychiatric damage: 1) Claimant's ability to cope with education, life and work; 2) How successful treatment is likely to be; 3) Effect on relationships; 4) Future vulnerability.
Psychiatric DamageSevere£51,460 to £108,620The injured person will have serious problems with all 4 factors listed which will result in a very poor prognosis.
Psychiatric DamageModerately Severe£17,900 to £51,460The injured person will suffer significant problems with the 4 factors but the medical prognosis will be more optimistic.
Psychiatric DamageModerate £5,500 to £17,900While the injured person will have had problems with the factors listed, there will have been a marked improvement and that will mean a good prognosis.
Post-Traumatic Stress DisorderSevere£56,180 to £94,470There will be permanent effects of PTSD in this category including flashbacks, nightmares and suicidal ideation. All aspects of the injured persons life will be affected and will mean a return to pre-trauma levels and the ability to work are highly unlikely.
Post-Traumatic Stress DisorderLess severeUp to £7,680The injured party will have made a full recovery within 1 to 2 years, with only minor symptoms.

To help prove the extent of your injuries, you will need to attend a local medical assessment where a specialist will ask questions about the impact of the data breach. They’ll document their findings in a report which will be sent to your solicitor and be used to help substantiate the level of your claim.

No Win No Fee Data Breach Claims Against Virgin Healthcare

One of the main stumbling blocks for many people who are considering a claim is that they’re worried about how much a solicitor will cost them. However, you needn’t worry about that if you choose to work with Legal Expert. Our team of solicitors offer a No Win No Fee service for all claims they accept.

Once a solicitor has reviewed your claim, if they’re happy to continue, you’ll get a Conditional Fee Agreement (CFA) to sign. The CFA will explain that:

  • You won’t pay an upfront fee before the case begins.
  • There aren’t any hidden charges or solicitor’s fees payable while the claim continues.
  • If the solicitor fails to win your case, you won’t have to pay any of their fees.

In cases where your solicitor achieves a positive result and compensation is awarded, the solicitor will retain a small portion to cover their costs. This is listed in the CFA as a success fee (which is legally capped) so you’ll know the exact percentage from the start so there won’t be any surprises when the claim is settled.

How A Data Breach Lawyer Could Help You

For many, the first part of starting a claim is to choose a solicitor to take on their case. Some people refer to online reviews; others ask friends for recommendations, and some people simply look for the nearest solicitor to their address.

In theory, each of these actions could find you a solicitor to take on your case, but they are not foolproof and could be time-consuming. An easier way to start your claim is to call Legal Expert. If your claim is taken on, your solicitor will be able to answer any questions you have and support you throughout your case. They’ll provide regular updates and handle all communications with the defendant on your behalf to make the whole process easier, so why not call us today to see how we could help?

Speak To Our Team

If you’ve decided that you’d like to claim compensation for a Virgin Healthcare data breach and would like Legal Expert’s support, you can:

Quick Resources

You’ve now come to the end of our guide about making a compensation claim following a Virgin Healthcare medical data breach. To provide you with additional support and guidance, we’ve added some links to useful resources below:

What The ICO Does – A website providing details of the functions performed by the Information Commissioner’s Office.

PTSD Information – Details from the NHS about the symptoms, causes and treatment of Post-Traumatic Stress Disorder.

Freedom Of Information Requests – Advice from the UK government on how to make FOI requests.

Virgin Atlantic Injury Claims – Information on when you could claim for an injury sustained on a Virgin Atlantic flight.

NHS Data Breach Claims – Detailed advice on the process to follow if you want to claim for an NHS medical data breach.

Virgin Cruise Ship Accident Claims – Advice on starting a personal injury claim for injuries sustained on a Virgin cruise ship

Other Useful Compensation Guides

Guide by Hambridge

Edited by Billing

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.