Another NHS breach…

A report has revealed that up to 500 junior doctors’ personal information has been compromised at St Helens and Knowsley Teaching Hospitals NHS Trust. The breached data included phone numbers, email addresses, National Insurance numbers and home addresses.

The St Helens and Knowsley Teaching Hospitals NHS Trust covers Merseyside, Cheshire and Lancashire. The breach occurred when a spreadsheet containing the personal information was linked to a Trust website. The reason for the high number of junior doctors affected was that the list contained details for all the specialist trainee doctors across the north west.

It was revealed that the breach was flagged when trainee doctors found out their personal information was available online via an external supplier’s website.

One of the doctors affected by the breach told the Health Service Journal:

I’m glad the Trust acted so quickly [to remove the data,] but this should never have been loaded onto the website in the first place. It has left all of us potentially at risk of identity theft or fraud or worse. It’s pretty shocking.

A spokeswoman for the St Helens and Knowsley Teaching Hospitals NHS Trust said:

On Friday, July 28 the trust was made aware of a data breach relating to a particular cohort of lead employer trainees via a website hosted by an external IT supplier.

The data was immediately removed and an investigation commenced. The data breach has been reviewed independently and the Trust has been assured that the risk to personal security is minimal. The Trust has informed the Information Commissioner’s Office and will be providing a full report upon completion of the investigation.

We continue to liaise with the trainees affected and have apologised profusely for any distress or inconvenience caused.

Educate your staff

Minimise the risk of human error by making sure non-technical staff are familiar with the basics of information security by enrolling them on our Information Security Staff Awareness E-Learning Course. The course advises staff on how to avoid becoming a security liability, introducing them to your internal policies on incident reporting and responses. Your staff are on the frontline: give them the awareness training they need.

Reduce your security risk exposure >>