Cyber attack on US company hits more NHS staff
- 1 March 2017
A cyber attack on a US company could have compromised the privacy of staff throughout the NHS, with a Dorset hospital the latest confirmed victim.
The Bournemouth Echo reported on Wednesday that staff at Royal Bournemouth Hospital were told their confidential information could have been compromised in a hack on the US-based company Landauer in October last year.
The first affected customers in the UK were not informed until January.
Landauer provides ionising radiation monitoring services and is used by many NHS trusts and health boards. The company holds personal information including names, radiation doses, dates of birth and national insurance numbers for NHS staff.
Digital Health News first reported on the Landauer attack last month, when the Scottish Government confirmed nine health board had been caught up in the attack.
Now it appears NHS staff in England have also been affected by the attack, although how many trusts used Landauer has yet to be confirmed. So far, there have been no reports of patient data been affected.
The Royal Bournemouth and Christchurch Hospitals NHS Foundation Trust told the Echo that it had reported the breach to NHS Digital but NHS staff across the country were affected.
In a statement provided to Digital Health News, a Government spokesperson said NHS Digital was working with affected organisation to handle with the “external breach”.
“This government takes digital security extremely seriously.”
The spokesman said there was growing cyber threat across the UK and support was available through the newly established National Cyber Security Centre.
NHS staff that have been affected by the “unlawful access” of their “limited personal details” have been offered free identity theft support for 12 months.
Cyber attacks have become a growing concern in the NHS, particularly since the high-profile ransomware attack at Northern Lincolnshire and Goole NHS Foundation Trust.
That attack virtually shut down the hospital for four days in October, last year, and led to the cancellation of thousands of patient appointments.
Many trusts have been reviewing their cyber resilience in the past six months as several recent reports suggest the over-reliance on obsolete technology in the NHS makes the system vulnerable.