Human Factors / Sensitive details of 500 NHS doctors exposed online due to human error
Sensitive details of 500 NHS doctors exposed online due to human error
3 August 2017 |
The NHS has suffered yet another data breach thanks to inappropriate handling of sensitive data by one of their staff.
Personal details of as many as 500 NHS doctors were exposed after an internal spreadsheet containing their details was published online.
Personal details of as many as 500 specialist trainee doctors at St Helens and Knowsley Teaching Hospitals NHS Trust were exposed after an internal spreadsheet containing their sensitive and private details was published online. Details in the spreadsheet included National Insurance numbers, email addresses, and home addresses of the 500 doctors.
The NHS Trust acted quickly to remove the exposed data and informed the Information Commissioner's Office about the breach.
"I'm glad the Trust acted so quickly [to remove the data,] but this should never have been loaded onto the website in the first place. It has left all of us potentially at risk of identity theft or fraud or worse. It's pretty shocking," said one of the affected doctors to the Health Service Journal.
In July, an Italian researcher at the North Middlesex University Hospital was fired after he revealed sensitive details of 31 women who had given birth at the hospital via a Facebook post. While the breach was a cause of concern, what was more worrying that it revealed details of several women who had not consented to be part of an internal programme on which the researcher was working on.
The recent data breach at St Helens and Knowsley Teaching Hospitals NHS Trustmakes it clear that merely updating outdated software in NHS hospitals will not prevent data breach as human factor continues to remain the largest vector for such leaks.
"We're not sure that automation would remove the risk, because robots need to be programmed by competent IT managers - and it's looking less and less like the NHS has too many available," said Matt Lock, director of sales engineers at Varonis to V3.
In July, the ICO also found the Royal Free NHS Foundation Trust guilty for sharing sensitive data of 1.6 million patients without adequately informing patients on how their data would be used. The Trust has been ordered to conduct a privacy impact assessment which will explain how the Trust will comply with the Data Protection Act while conducting clinical safety tests.
Latest posts by Jay Jay (see all)
- Google stops Huawei’s access to Android updates and Google services - 20th May 2019
- Ten cyber criminals behind GozNym malware operations indicted in the US - 16th May 2019
- Less than 1% of data breach investigations by ICO resulted in monetary fines - 16th May 2019
- Huawei commits to signing non-spy agreement with Britain - 15th May 2019
- All Intel chips since 2011 vulnerable to new ZombieLoad attack - 15th May 2019