[BreachExchange] South East Coast Ambulance sees massive data breach

Destry Winant destry at riskbasedsecurity.com
Thu Jul 16 10:09:49 EDT 2020


https://www.kentonline.co.uk/ashford/news/data-breach-at-ambulance-service-230388/

The South East Coast Ambulance Service has experienced a massive data
breach and has referred itself to a privacy watchdog.

In May, the personal and medical details of all ambulance staff could
have been seen by employees outside of senior management.

South East Coast Ambulance Service has referred itself to a privacy
watchdog. Stock image

An internal memo revealed that a server containing details of sick
leave - including operations and mental and physical health issues -
was for 10 days accessible to seven people who were not managers.

The provider notified the Information Commissioner’s Office, which is
responsible for maintaining privacy rules over public information.

The issue was fixed and internal inquiries made to ensure no one had
accessed the information.

A spokesman said: "We take information governance extremely seriously
and took steps to address this issue when it was discovered.

"This was an isolated incident which occurred while an update was
taking place to our systems and which resulted in the usual restricted
access controls in place being unknowingly lifted.

Details of operations and health issues were available to a pool of
people outside of senior management. Stock image

"An investigation took place and it was established that during a
10-day period in May 2020 there were a small number of individuals
within the Trust who could have potentially accessed personal
information.


"These individuals were contacted and all, bar one, were unaware of
this potential access. The remaining individual had already alerted
the department involved when they became aware.

"There is no evidence that any staff details were inappropriately
accessed. However, we decided to write to all staff who could have
potentially been affected in the interests of transparency. We also
reported the issue to the Information Commissioner's Office for the
same reason.

"We are sorry for any distress this may have caused members of staff
and would like to assure them that the issue has been resolved."


More information about the BreachExchange mailing list