NHS admits its medical records database is a security nightmare waiting to happen

Patient confidentiality and the security of medical records could be put at risk by the NHS' new £50 million Care.data medical records database, according to the public sector's own risk analysis.

A document shared with The Telegraph has revealed internal concerns surrounding the controversial proposed database, with decision makers worried that it could allow hackers to "maliciously" identify patients by their records.

"The risks described include threats associated with 'cyberspace' such as hackers attempting to access the data illegally," the document discloses.

The document also raises concerns that the scheme could lower public trust in the NHS and result in patients withholding information from their doctors to avoid it being made available to hackers.

This report comes at a time when public sector confidence in the government's ability to deliver ambitious IT projects effectively and securely is at an all-time low.

"The extraction of personal confidential data from providers without consent carries the risk that patients may lose trust in the confidential nature of the health service," it says.

"This risk is two-fold; firstly, patients will not receive optimal healthcare if they withhold information from the clinicians that are treating them; and secondly, that this loss of trust degrades the quality of data."

Security expert Chris McIntosh of ViaSat UK said: "Moving patient data to a centralised database naturally has its risks and while information needs to be useable it also needs to be secure".

"Health records will inevitably be seen as a lucrative target for hackers," he added. "Sensitive information like this can be used by malicious parties for blackmail and extortion both now and even years down the line."

The Care.data scheme will hold information on past illnesses, medication, weight and blood pressure. The data will be taken directly from medical files next month and put into a central database, which will hopefully be secured with more care than the current paper-based records.

All 26 million households in England will soon be notified about the changes, giving them the chance to opt out.

The masterminds of the £50 million data-sharing plan say it will improve healthcare and help medical research.

Health researchers and private firms will be able to access data from the records, but only if they can demonstrate it will benefit patient care or enable further scientific advances.

On Sunday, prominent patients' and privacy groups said the document "confirms some of our worst fears".