The personal information of thousands of medical staff in Wales, United Kingdom, has been stolen, following a hacker attack that violated a local server company.
The total number of staff involved is 4,766, which includes not only the staff and former staff of the NHS in Wales, but also 1,343 non-NHS customers, including private hospitals and dentists, veterinary practices and airport control personnel.
The stolen data includes both sensitive information, such as names and dates of birth, as well as clinical information, such as National Insurance numbers and the medical radiation doses of radiography staff, accessed from the UK-based global dosimetry company, Landauer.
The breach, which occurred in October 2016, affected the Radiation Protection Service (RPS), run by the Velindre NHS Trust in Wales, a specialist provider of cancer services in Wales. The news only became public in January 17th, 2017;
“the reasons behind this delay in notifying us of the breach are the subject of ongoing discussions with the host company” said a spokesperson from Velindre.
“This is an incident in a large global company holding data on individuals in many countries across the world,” stated the spokesperson. “This problem also affects individuals in England and Scotland. NHS staff have been made aware of the situation and appropriate measures have been put in place to support them.”
A spokesperson for the Betsi Cadwaladr University Health Board admitted that 654 of its staff, had been affected by the violation, while he reassured patients claiming that no information on them had been stolen. Launder has also contacted all staff affected to reassure them that they acted quickly to protect their servers and that after the attack, increased levels of security measures were introduced to ensure that no further information be compromised.
This cyber-attack once more demonstrates that data held by healthcare providers is not adequately protected with security measures that prevent sensitive information from being stolen by cyber-attacks. Next year’s challenges will become increasingly important to reduce the vulnerability of businesses, to prevent attacks, and to ensure that applications continue to operate and provide a good level of service even during an attack, using cloud service solutions.