An NHS hospital trust has revealed that 48 staff members inappropriately accessed the medical records of victims from the July 2024 Southport attack, sparking outrage and calls for systemic reform.
Unprecedented Breach of Trust
An internal audit at University Hospitals of Liverpool Group found that employees accessed patient files without legitimate reason following the horrific attack, which left three young girls dead and ten others injured. The breach came to light after a routine review of access logs.
Leanne Lucas, a dance instructor who was seriously wounded while protecting children during the attack, expressed her devastation. 'My privacy was invaded when I was at my most vulnerable,' she said, criticising the nearly two-year delay in informing those affected.
Systemic Failures Alleged
A legal director representing multiple victims described the incident as an 'unbelievable breach of privacy' and suggested it pointed to a systemic culture problem rather than isolated rogue behaviour. 'This was not a one-off mistake but a widespread failure of data governance,' the director stated.
James Sumner, chief executive of the hospital trust, issued a formal apology for the distress caused. He explained that the delay in notification was due to concerns about the potential psychological impact on patients at the time. Sumner confirmed that disciplinary action had been taken against the staff involved, though he did not specify the exact measures.
Calls for Accountability
Victims' families and advocacy groups are now demanding a full independent inquiry into data protection practices across NHS trusts. The Information Commissioner's Office has been notified and is expected to launch an investigation.
The Southport attack, which occurred in July 2024, remains one of the most traumatic events in the town's history. The latest revelation adds to the pain of those affected, raising serious questions about patient confidentiality in the digital age.
