A data security attack has been reported, exposing the detail that several NHS staff’s personal information have been stolen.
Hackers raided the system of IT company Landauer and copied the Names, dates of birth, radiation doses and national insurance numbers of the medical staff who worked with X-rays.
However, the health boards claim that the data breach has not affected any patient.
bluehost® helps big brands scale WordPress.
BlueHost: Get Professional Website Hosting For 3.95/MonthTry BlueHost Now
Andrea Hague, director Velindre Cancer Services said that the 530 staff members of NHS trust have become a victim of the attack.
“Landauer has indicated that the breach was made on one of its UK servers, directly impacting on the Radiation Protection Service (RPS), a facility run by the Velindre Cancer Centre,” Andrea said.
“The RPS provides a radiation dose monitoring service to a number of organizations, including health boards in Wales.
“Notification of the data breach was received by the Trust on January 17 this year, but it is understood that the actual incident happened in October 2016,” she said.
Andrea explained the ongoing discussion with the host company as a cause of delayed notification of the incident.
“We understand how much importance people and companies place on the security of personal information and, while this breach is not within Velindre’s own managed systems, this serious incident is, nonetheless, deeply disappointing.”
About 654 staff members compromised personal data at Betsi Cadwaladr University Health Board and also several individuals who are working as NHS staff in England and Scotland and people working for private dentists and vets.
“We have contacted all the staff affected to reassure them that Landauer has acted swiftly to secure its servers and that, since the attack, it has undertaken significant measures in connection with its UK IT network to ensure that no further information can be compromised,” A spokesperson for Betsi Cadwaladr University Health Board said.
“Landauer has also arranged for the staff affected to have free access to the credit monitoring agency Experian for the next 24 months.
“We are also working closely with our Information Governance department and the Information Commissioner’s Office to ensure that the actions we have taken are in line with our requirements under the Data Protection Act 1998.”
A spokesperson for Welsh government said that we are aware of the incident and looking forward to the complete details of the investigation and outcome.
“This is an incident in a large global company holding data on individuals in many countries around the world,” he said.
“This problem affects individuals in England and Scotland also. NHS staff have been made aware of the situation and appropriate measures have been put in place to support them.”