One patient's medical record was emailed to more than 2,200 recipients
Manx Care has failed to comply with data protection laws resulting in a number of data breaches over the last six months.
Those are the findings of the Island's Information Commissioner, who has issued an enforcement notice to the healthcare provider.
The report says Manx Care puts the personal data and special category data of its patients at risk by not complying with GDPR regulations.
It highlights one incident where the unencrypted medical record of a patient was emailed to around 2,200 recipients.
The Information Commissioner's findings say damage and distress to patients is likely due to a lack of appropriate technical and organisation measures to ensure security.
The organisation is required to compile a quarterly report for the commissioner, but its most recent submission shows there has been little progress in ensuring data is secure.
The enforcement notice has given Manx Care four months to comply with GDPR laws, including bringing in measures to ensure data sent in email attachments is secure.
The board was also given six weeks to inform the commissioner how it intends to put these measures in place, and a timeline for doing so.
Failure to comply with the enforcement notice could result in a fixed penalty, with a maximum fine of £1,000,000.
In response, Manx Care has issued a statement to Manx Radio. It says: "In view of enforcement action which relates to a period from April to December 2021, Manx Care and the Manx Care Board recognise significant work is necessary to remediate the information governance risks and challenges Manx Care currently faces, and we are committed to getting this right moving forward.
"We can confirm that a programme of work has commenced, overseen by the Manx Board and in conjunction with Cabinet Office Transformation Programme, to make all of the necessary improvements identified within the external review undertaken by KPMG as part of the Transformation Programme."
Skills Strategy hopes to tackle 'significant' skills shortage
Loganair to remove Saturday service to Birmingham
Trial for Douglas man who denies keying car
Southern Pool board welcomes assurances over site's future
Looneys of Ramsey to close
Future of Belfast flights 'precarious' due to low passenger numbers
