NHS Wales targeted in massive data hack
The names, dates of birth and National Insurance numbers of thousands of NHS workers in Wales have been stolen in a massive data breach affecting an IT supplier.
More than 1,000 staff - including cleaners, radiographers and students - at two NHS organisations, Velindre NHS Trust and Betsi Cadwaladr University Health Board, were targeted in the attack, which did not jeopardise patient information.
NHS services in England and Scotland were also affected, but to a lesser extent.
The IT firm in question, Landauer, is a provider of ionising radiation monitoring services. Velindre confirmed that Landaeur experienced a data breach on October 6 2016, but did not tell the trust until January 17 this year. There was a longer delay in telling staff - they were only contacted in the last few weeks, the BBC reported.
In a statement Betsi Cadwaladr University Health Board said: “We have been informed by Velindre NHS Trust who manage the Radiation Protection Service on behalf of health boards in Wales that the third party provider of the service, Landauer, has experienced a data security attack on one of its UK servers which affects our staff.
"No patient information has been affected by this breach. We have contacted all the staff affected to reassure them that Landauer has acted swiftly to secure its servers and that, since the attack, it has undertaken significant measures in connection with its UK IT network to ensure that no further information can be compromised."
Velindre cancer services director, Andrea Hague, said: "Velindre NHS Trust has identified around 530 of its own staff affected by the breach and we have written to all those involved.
"Notification of the data breach was received by the Trust on 17 January this year, but it is understood that the actual incident happened in October 2016. The reasons behind this delay in notifying us of the breach are the subject of ongoing discussions with the host company."
The Information Commissioner’s Office is reported to be looking into the incident.
