Probe launched into leak of more than 500 junior doctors' personal details
Union BMA commends trust on swift response to leak of trainee GPs' details but calls for thorough investigation
Various personal details of trainee GPs were leaked online following the breach, including home addresses and National Insurance numbers
St Helens and Knowsley Teaching Hospitals NHS Trust is investigating a data breach that caused the personal details of 500 trainee GPs to be leaked online.
The trust discovered the breach on Friday 28 July. The issue was first flagged up by number of trainee doctors who discovered that their personal details – including postal and email addresses, dates of birth, mobile phone numbers, and National Insurance numbers – were featured in two spreadsheets hosted publicly online, on a website run by an external supplier.
The trust has informed the Information Commissioner’s Office of the breach, and begun its own comprehensive investigation to try and discover how it came about. It will publish a report of its findings in due course.
- 'It's not a choice between privacy or innovation', ICO tells NHS trusts
- How should we respond to cyber attacks on public bodies?
- Health care 'disproportionately affected' by data security incidents
It has also been in touch with Google and other search engines to ask that they remove any cached data related to the breach.
“The data breach has been reviewed independently and the trust has been assured that the risk to personal security is minimal,” the trust said, in a statement. “We continue to liaise with the trainees affected and have apologised profusely for any distress or inconvenience caused.”
The British Medical Association (BMA) said that it will work with the trust and the individuals whose data was compromised to try and ensure the necessary remedial and preventative steps are now taken.
“Those junior doctors affected will be understandably worried that their personal information has been made widely accessible without their knowledge,” the union said.
“While the trust has addressed the situation promptly, it must ensure it provides the necessary support and information to those affected, and urgently investigate how and why this breach occurred to ensure that it doesn't happen again.”
The oldest claim awaiting decision was filed eight years ago and 10,000 more were added to the waiting list in the first three months of 2020 alone
Consultation opened on addition of eighth principle for the health system’s use of data
Annual fraud data shows lost phones, online shopping sprees and some mysterious missing timepieces
ICO alerted to data breach at Babylon Health
PublicTechnology talks to Rich Turner about why organisations need to adopt a ‘risk-based approach’ to security – but first make sure they get the basics right
CyberArk's David Higgins explores the cyber risks of hiring independent contractors
CyberArk's John Hurst looks at the true cost of GDPR breaches