Manx Care will have to pay a £170,500 fine if it does not put suitable measures in place following a data protection breach involving a patient's private data.

An insecure email attachment containing the patient's confidential health details was sent to 1,870 recipients.

The island's information commissioner said the financial penalty would not be imposed if secure systems were put in place by 31 December.

Manx Care said work was under way.

Information Commissioner Iain McDonald said it was "unacceptable for such a significant personal data breach to occur".

When the email was sent in October last year, Manx Care had already been under an enforcement notice issued to the health department over its handling of confidential data, with a second issued in February this year.

"Previous enforcement notices attempted to get Manx Care to appropriately protect the patient data with which it is entrusted," Mr McDonald said.

"The continued failure of Manx Care to implement a secure means of communicating patient data has ultimately led to the imposition of this penalty.

"The decision to stay the payment of the penalty provides another opportunity for Manx Care to take the necessary action - public funds will only be diverted if it fails to do so.

"It is now up to Manx Care."

In a statement, the health care provider said the diversion of some staff to other roles during the coronavirus pandemic and limited resources had held up progress with the implementation of more secure patient data sharing systems.

"We acknowledge the significant failures outlined in the Enforcement Notice, which make for uncomfortable reading, and would like to offer our sincere and unreserved apologies to those individuals whose data was breached through no fault of their own," the statement added.

Why not follow BBC Isle of Man on Facebook and Twitter? You can also send story ideas to [email protected]

More on this story