Sensitive details of 500 NHS doctors exposed online due to human error

The NHS has suffered yet another data breach thanks to inappropriate handling of sensitive data by one of its staff.

Personal details of as many as 500 NHS doctors were exposed after an internal spreadsheet containing their details was published online.

Personal details of as many as 500 specialist trainee doctors at St Helens and Knowsley Teaching Hospitals NHS Trust were exposed after an internal spreadsheet containing their sensitive and private details was published online. Details in the spreadsheet included National Insurance numbers, email addresses, and home addresses of the 500 doctors.

The NHS Trust acted quickly to remove the exposed data and informed the Information Commissioner’s Office about the breach.

“I’m glad the Trust acted so quickly [to remove the data,] but this should never have been loaded onto the website in the first place. It has left all of us potentially at risk of identity theft or fraud or worse. It’s pretty shocking,” said one of the affected doctors to the Health Service Journal.

In July, an Italian researcher at the North Middlesex University Hospital was fired after he revealed sensitive details of 31 women who had given birth at the hospital via a Facebook post. While the breach was a cause for concern, what was more worrying was that it revealed details of several women who had not consented to be part of an internal programme on which the researcher was working.

The recent data breach at St Helens and Knowsley Teaching Hospitals NHS Trust makes it clear that merely updating outdated software in NHS hospitals will not prevent data breaches, as the human factor remains the largest vector for such leaks.

“We’re not sure that automation would remove the risk, because robots need to be programmed by competent IT managers – and it’s looking less and less like the NHS has too many available,” said Matt Lock, director of sales engineers at Varonis, to V3.

In July, the ICO also found the Royal Free NHS Foundation Trust guilty of sharing sensitive data of 1.6 million patients without adequately informing patients about how their data would be used. The Trust has been ordered to conduct a privacy impact assessment which will explain how the Trust will comply with the Data Protection Act while conducting clinical safety tests.

Copyright Lyonsdown Limited 2021
