A major English teaching trust is the latest to fall victim to NHS staff radiation data breaches, as the US-based company behind the hack refuses to confirm the total number affected.
Radiation monitoring company, Landauer, has stayed silent on how many people have been affected by the extensive cyber-security incident that has affected health boards and trusts across the United Kingdom.
Last week, University Hospital Southampton NHS Foundation Trust confirmed more than 2,000 current and former staff members’ data compromised. Personal information taken included name, date of birth and national insurance number.
Respond to questions from Digital Health News, Landauer said its “security team to secure our UK system within 24 hours of any data being compromised and ensure that the data compromised was kept to a minimum”.
“Following the incident, we engaged a leading global firm of forensic IT specialists to conduct a thorough investigation to identify the scope of data compromised. We are confident that we have identified all affected clients and have undertaken a program to notify them of the incident.”
The company would not connfirm how many NHS staff have had their data compromised, or how many trusts have been affected.
The data breach occurred in October last year. Trusts and health boards affected were not informed until January 2017.
A spokeswoman for NHS Digital said the agency did not know how many trusts had been affected.
The hack has led to the Information Commissioner’s Office announcing last week that it was “making enquiries” into the data breach.
A spokesman for Southampton said the trust is “cooperating fully” with the ICO.
Last week Digital Health News reported that all nine health boards and trusts in Wales had been affected, with more than 3,000 staff having their information potentially at risk of identity fraud.
The delay by Landauer in informing their clients, is “subject to ongoing discussions with the host company”, according to Andrea Hague, cancer services director at Velindre NHS Trust, which coordinates radiation data in Wales.
Other English trusts affected include Guy’s and St Thomas’ NHS Foundation Trust with the data of 11 staff compromised. While most had only their names and departments least, one staff member had their NI number and birth date hacked.
The Royal Bournemouth Hospital also reported staff date had been compromised in the attack.
At the time, a Government spokesperson said NHS Digital was working with affected organisation to handle with the “external breach”.
“This government takes digital security extremely seriously.”
The Welsh and English revelations followed reports in Scotland in February that the personal data of at least 293 NHS staff compromised, across eight health boards in the country.
At the time, the Society and College of Radiographers said Landauer had not responded to questions about the breach.
Richard Evans, chief executive at the Society, advised his members to ask their employers if they were “aware of the data breach and if you or any colleagues have been affected by it”.
Landauer have offered affected staff members a year’s free membership with credit monitoring company, Experian.