Healthcare providers accounted for a fifth of all of personal data breaches in 2022-23. According to the ICO, there have been 19 notifications of organisations providing healthcare services which have breached patients’ data since 2019. In one case highlighted by the commissioner, the Young Men’s Cristian Association (YMCA) of London was fined £7,500 after it sent emails to 264 people intended for people on its HIV support programme but copied all addresses in rather than blind copying the emails. This meant recipients could see