More serious data breaches have taken place within the NHS than any other UK organisation since the end of 2007, according to the Information Commissioner’s Office (ICO).

A total of 287 breaches were reported, accounting for more than 30% of the total number, deputy commissioner David Smith told the Infosec security conference.

Mr Smith said that 113 incidents occurred due to stolen data or hardware, with a further 82 cases of lost data or hardware.

Mr Smith said the results could be skewed as not all private sector firms shared the public sector culture of reporting all breaches to the ICO.

Richard Vautrey, the deputy chair of the British Medical Association’s GPs committee, said: “We need to keep their breaches in perspective.”

He suggested the high proportion of breaches reflected the NHS’s size, complexity and openness, and said it was important to allow people to opt out of having their data stored on national databases if they wanted to.

Since April, the ICO has had the power to fine organisations up to £500,000 for serious data breaches.