250 private UK healthcare employees’ data stolen in breach

The NHS has been subject to severe criticism over the past few years in relation to its data security. The issue has not only hit the UK public healthcare system; it seems to be a widespread problem that affects the private sector too.

This is evident in a data breach in which the personal details of approximately 250 employees at Hywel Dda Health Board in Wales were stolen.

The personal information that was thought to be stolen included:

  • Names;
  • Dates of birth;
  • National insurance numbers.

The information was stolen from a private computer system at Landauer, a private company that works in conjunction with the NHS to monitor radiation levels of NHS employees.

Response of Landauer

A spokesperson for Landauer released a statement:

“Hywel Dda can confirm that 247 members of staff are affected by the data breach and we are in the process of informing them. Appropriate measures have also been put in place to support these staff.”

They continued to assure the employees that the company had “acted quickly” after they learned about the data breach. Though they note that actions were taken in response to the breach, they didn’t provide further details of what those actions were.

Measures that should be in place?

What measures were put in place? Shouldn’t they have had pre-emptive measures to ensure that their employees’ personal data was not within reaching distance of cyber-hackers? I guess it’s always easier to look retrospectively, and Landauer will see it as a case of would’ve, could’ve, should’ve.

Lessons learned?

This should be a lesson learned and taught to other companies and businesses: review your data security straight away. I acknowledge that even the ‘most secure’ data security may have flaws. It’s not just about having ‘top-notch’ security; it’s also about how the company responds to a breach.

Comparison/similarities with the U.S.?

Landauer’s data breach draws parallels with the breach that took place in the U.S. at Alberta Children’s Hospital. An administrator allegedly snooped through roughly 250 patient records over a period of 14 months; she had access to the records of young patients, adults, nurses and doctors. Even “high profile individuals in the community” had been subject to the data breach.

The main issue at hand here is the fact that the data breach had gone unnoticed for over a year. It only came to light when Alberta Health Services intervened and noticed the breach during an audit of the patient databases.

Data security checks needed

This raises the suggestion that maybe auditing patient databases should be undertaken more frequently. It’s not quite clear how the information was stolen from the Landauer database, but one thing is for sure: data security checks at intervals seem to be the way forward for Landauer, Alberta Health Services, and other companies. Though it may seem invasive and unnecessary, I would pose the argument that the importance of data security is a justifiable reason for these checks.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
