NHS Investigates Unauthorized Access to Child’s Medical Records After Crocodile Attack Incident
The NHS confirmed that 40 staff members at Addenbrooke’s Hospital in Cambridge accessed the medical records of a three-year-old boy, triggering an internal probe into data privacy violations. The incident has intensified scrutiny of healthcare data security protocols.
NHS Unveils Internal Probe into Data Breach
A Cambridge University Hospitals NHS Foundation Trust spokesperson revealed the investigation, stating, “We are conducting a thorough review of all staff who accessed the records to ensure compliance with data protection regulations.” The probe, managed by the trust’s governance team, aims to identify breaches of the General Data Protection Regulation (GDPR).
The hospital’s internal audit will focus on whether staff accessed records without legitimate clinical justification, a practice explicitly prohibited by NHS guidelines. The trust has not yet disclosed if any disciplinary actions have been taken against the 40 employees involved.
A Three-Year-Old’s Records at Center of Privacy Scandal
The boy’s medical files were accessed following an incident where he was thrown into a crocodile pit. Addenbrooke’s Hospital has not confirmed whether the child received treatment for injuries, stating only that the records in question pertained to his care at the facility.

A trust representative added, “We are working closely with the Information Commissioner’s Office (ICO) to determine the scope of the breach.”
ICO Warns of GDPR Violations in Healthcare
The regulator has the authority to impose fines for such breaches.
Leadership Pledges Immediate Training Over Data Security
The trust has mandated immediate data protection training for all employees.
NHS Faces Broader Cybersecurity Scrutiny
The incident has reignited debates over the NHS’s ability to safeguard sensitive information. With 40 staff implicated in a single breach, watchdogs are questioning the adequacy of current access controls and audit mechanisms. The trust’s governance team will now evaluate whether the breach stemmed from negligence, malice, or systemic flaws in staff training.
As the investigation unfolds, the NHS faces mounting pressure to demonstrate that its data security measures meet the standards expected of a modern healthcare system. For the boy’s family, the breach adds another layer of distress to an already traumatic event.
Related reading