Thousands of Welsh NHS staff’s data stolen in hack

Details of thousands of medical staff in Wales have been stolen from a private contractor’s computer server. Names, dates of birth, radiation doses and National Insurance numbers of staff who work with X-rays were copied as hackers accessed Landauer’s system.

More information: http://www.bbc.co.uk/news/uk-wales-39249975

Following the news, below are some thoughts from Lee Munson, security researcher at Comparitech.com:

“The theft of personal information from Welsh medical staff highlights, once again, how a third party can be responsible for an organisation becoming breached.

“While the details of the attack are not yet clear, compromised staff may be asking whether the Velindre NHS Trust had appropriate access control measures in place, along with an appropriate set of security policies.

“The victims of this attack, at least one of which mistakenly believes they will not be targeted any time soon, despite the fact that it occurred 5 months ago, will need to be on the lookout for phishing attacks and suspicious activity surrounding their bank and credit card accounts.

“Identity theft should also be a real concern and they should already be taking the necessary steps to prevent long-term damage from this breach.”

(46)

Share