[BreachExchange] NHS staff personal data leaked in latest data breach

Audrey McNeil audrey at riskbasedsecurity.com
Tue Aug 1 19:41:28 EDT 2017


http://www.information-age.com/nhs-staff-personal-data-
leaked-latest-data-breach-123467676/

The details of hundreds of junior doctors has been mistakenly published
online by an NHS trust, according to the Health Service Journal.

In wake of this news – an instance of another data protection failure –
Phil Codd, managing director Ireland & UKI Regional Director at SQS Group,
is calling for the NHS to prioritise quality above all else when it comes
to IT.

“It has always been important to protect personal data, and the reality of
today’s ever changing digital environment, organisations need to fully
understand their data models; get to grips with their potentially
unstructured and poorly managed data, and put processes in place to keep it
safe. Defining, implementing and rigorously testing their data management
procedures will enable institutions to get it right, to live up to their
data privacy policies and to prevent avoidable data breaches in the
future.”“The news that NHS staff’s personal details have been made public
due to a data breach shows vulnerabilities in the NHS’ IT infrastructure.
While patient data has not been leaked, the details of hundreds of junior
doctors mistakenly being published online by an NHS trust shows that there
is still much more to learn since the WannaCry cyber attack.

He also emphasised the difficulty the NHS has been placed under to cut
costs, while embracing digital transformation to improve services. This
forces the institution to outsource IT contracts, which may be a major
factor as to why the NHS seems to be experiencing so many high-profile IT
problems.

“With the current turbulent British political landscape, many public sector
organisations have been placed under pressure to cut costs and embrace
digital methods to improve services. In doing so, data integrity and
quality have not been appropriately prioritised.”

“Quality ensures that the necessary safeguards are in place to protect
staff and patients during digital change. This data leak is a stark
reminder of the risks associated with providing and managing people’s data,
and suggests that the lack of quality focus within organisations can, and
will, harm trust – something that the NHS can ill afford.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170801/989b41c0/attachment.html>


More information about the BreachExchange mailing list