It has been reported that a data breach at NHS Highland has led to the personal information of 284 patients with diabetes being shared with more than 30 people. The error, which occurred on Tuesday, November 17, led to the names, dates of births, contact information, and hospital identification numbers of the patients being revealed. The information had been stored in a spreadsheet and included recorded notes of when patients attended or were offered training. NHS Highland referred itself to the Information Commissioner’s Office (ICO) over the incident the following day and has contacted patients affected via a letter.
No personal information relating to medical history was shared.
Experts Comments
We are seeing too many organisations taking a lax approach to data security and the consequences are showing.
While this incident is unfortunate, it cannot be traced to cybercriminal activity. Instead, this is simply an instance of human error and careless data security hygiene. This is all the more concerning when considering the similar issue that faced NHS England’s Test and Trace app. We are seeing too many organisations taking a lax approach to data security and the consequences are showing. No institution should be storing ultra-sensitive personal health information (PHI) or personally.....Read More
This is an unfortunate incident and healthcare records are some of the most sensitive data that people like to keep private.
This is an unfortunate incident and healthcare records are some of the most sensitive data that people like to keep private.
Due to the fact that the information was stored on a spreadsheet and easily emailed out serves as a reminder that even if organisations have good security controls, they won't be effective unless there is a culture of security and staff understand the importance of securing data. It's an organisations responsibility to inform staff of the importance of cybersecurity and .....Read More
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Linkedin Message
@Paul (PJ) Norris, Senior Systems Engineer, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Ensuring that each individual within the workforce has only the access necessary to do their job can help reduce the risk of a data leak...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-nhs-patients-have-data-exposed-after-human-mistake
Facebook Message
@Paul (PJ) Norris, Senior Systems Engineer, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Ensuring that each individual within the workforce has only the access necessary to do their job can help reduce the risk of a data leak...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-nhs-patients-have-data-exposed-after-human-mistake