Probe launched into leak of more than 500 junior doctors' personal details
Union BMA commends trust on swift response to leak of trainee GPs' details but calls for thorough investigation
Various personal details of trainee GPs were leaked online following the breach, including home addresses and National Insurance numbers
St Helens and Knowsley Teaching Hospitals NHS Trust is investigating a data breach that caused the personal details of 500 trainee GPs to be leaked online.
The trust discovered the breach on Friday 28 July. The issue was first flagged up by number of trainee doctors who discovered that their personal details – including postal and email addresses, dates of birth, mobile phone numbers, and National Insurance numbers – were featured in two spreadsheets hosted publicly online, on a website run by an external supplier.
The trust has informed the Information Commissioner’s Office of the breach, and begun its own comprehensive investigation to try and discover how it came about. It will publish a report of its findings in due course.
- 'It's not a choice between privacy or innovation', ICO tells NHS trusts
- How should we respond to cyber attacks on public bodies?
- Health care 'disproportionately affected' by data security incidents
It has also been in touch with Google and other search engines to ask that they remove any cached data related to the breach.
“The data breach has been reviewed independently and the trust has been assured that the risk to personal security is minimal,” the trust said, in a statement. “We continue to liaise with the trainees affected and have apologised profusely for any distress or inconvenience caused.”
The British Medical Association (BMA) said that it will work with the trust and the individuals whose data was compromised to try and ensure the necessary remedial and preventative steps are now taken.
“Those junior doctors affected will be understandably worried that their personal information has been made widely accessible without their knowledge,” the union said.
“While the trust has addressed the situation promptly, it must ensure it provides the necessary support and information to those affected, and urgently investigate how and why this breach occurred to ensure that it doesn't happen again.”
Shadow Cabinet Office minister criticises government’s track record on cybersecurity
Ability to compel telecoms firms to gather data was introduced in Investigatory Powers Act
Work also begins on developing a framework for identity products after Verify enters private ownership
Tool is currently in public beta ahead of planned full launch in September