Expert Comments

Experts On NHS Patients Have Data Exposed After Human Mistake

Expert(s):
Expert(s):

It has been reported that a data breach at NHS Highland has led to the personal information of 284 patients with diabetes being shared with more than 30 people. The error, which occurred on Tuesday, November 17, led to the names, dates of births, contact information, and hospital identification numbers of the patients being revealed. The information had been stored in a spreadsheet and included recorded notes of when patients attended or were offered training. NHS Highland referred itself to the Information Commissioner’s Office (ICO) over the incident the following day and has contacted patients affected via a letter.

No personal information relating to medical history was shared.

Source: https://www.pressandjournal.co.uk/fp/news/highlands/2679853/concern-as-personal-data-of-284-diabetic-patients-breached-at-nhs-highland/

Experts Comments

Dot Your Expert Comments
Paul (PJ) Norris
November 27, 2020
Senior Systems Engineer
Tripwire

Ensuring that each individual within the workforce has only the access necessary to do their job can help reduce the risk of a data leak.
This breach, however, contained in size, further confirms that unfortunately the risk of human error – whether it is sending out personal details to the wrong recipient or misconfiguring cloud storage – can never be completely eliminated. For this reason, having adequate security measures is a must for protecting data. Ensuring that each individual within the workforce has only the access necessary to do their job can help reduce the risk of a data leak occurring in this manner. Having.....Read More
This breach, however, contained in size, further confirms that unfortunately the risk of human error – whether it is sending out personal details to the wrong recipient or misconfiguring cloud storage – can never be completely eliminated. For this reason, having adequate security measures is a must for protecting data. Ensuring that each individual within the workforce has only the access necessary to do their job can help reduce the risk of a data leak occurring in this manner. Having multiple layers of security is vital to protect the data that matters.  Read Less
Martin Jartelius
November 27, 2020
CSO
Outpost24

We are seeing too many organisations taking a lax approach to data security and the consequences are showing.
While this incident is unfortunate, it cannot be traced to cybercriminal activity. Instead, this is simply an instance of human error and careless data security hygiene. This is all the more concerning when considering the similar issue that faced NHS England’s Test and Trace app. We are seeing too many organisations taking a lax approach to data security and the consequences are showing. No institution should be storing ultra-sensitive personal health information (PHI) or personally.....Read More
While this incident is unfortunate, it cannot be traced to cybercriminal activity. Instead, this is simply an instance of human error and careless data security hygiene. This is all the more concerning when considering the similar issue that faced NHS England’s Test and Trace app. We are seeing too many organisations taking a lax approach to data security and the consequences are showing. No institution should be storing ultra-sensitive personal health information (PHI) or personally identifiable information (PII) in plain text in a spreadsheet. While this event is being reported as a data breach, in reality, it is nothing more than a critical clerical issue. Fortunately, the data was not stolen or openly distributed, however, this is a lesson that organisations should take note of if they wish to avoid the headlines in the future.  Read Less
Javvad Malik
November 27, 2020
Security Awareness Advocate
KnowBe4

This is an unfortunate incident and healthcare records are some of the most sensitive data that people like to keep private.
This is an unfortunate incident and healthcare records are some of the most sensitive data that people like to keep private. Due to the fact that the information was stored on a spreadsheet and easily emailed out serves as a reminder that even if organisations have good security controls, they won't be effective unless there is a culture of security and staff understand the importance of securing data. It's an organisations responsibility to inform staff of the importance of cybersecurity and .....Read More
This is an unfortunate incident and healthcare records are some of the most sensitive data that people like to keep private. Due to the fact that the information was stored on a spreadsheet and easily emailed out serves as a reminder that even if organisations have good security controls, they won't be effective unless there is a culture of security and staff understand the importance of securing data. It's an organisations responsibility to inform staff of the importance of cybersecurity and provide the tools, training, and processes needed to keep information secure.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...

Experts On Google Voice Outage

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab...