Scottish NHS staff caught in US cyber-attack

Cyber Security, News

  • 3 February 2017
Scottish NHS staff caught in US cyber-attack
Laura Stevens
December 1, 2016

The personal data of at least 293 Scottish NHS staff have been compromised in a cyber attack against a supplier in United States.

US-based Landauer provides ionising radiation monitoring services for eight NHS health boards across Scotland.Ā  The company holds personal information including names, radiation dose, dates of birth and national insurance numbers for these staff.

On Tuesday, one of those NHS boards confirmed the personal data of 293 of its staff were affected by a cyber-attack on Landauer.

Although it is not yet clear how staff at other health boards have been affected, the Scottish government has confirmed nine boards have contracts with Landauer.

In a statement, NHS Ayrshire & Arran chief executive John Burns said: ā€œWe have been informed by one of our service providers, Landauer, that it has experienced a data security attack on one of its UK servers which affects our staff.ā€

No patients were affected by the breach, he said.

The statement also revealed that company was aware of the cyber-attack in October but had only recently informed its NHS customers.

This was because it ā€œwanted to identify the extent of the attack and the numbers of NHS staff affected before communicating this to NHS Boardsā€.

Landauer has also since terminated a contract with a third-party company involved in the attack.

Scottish government ministers were notified on 25, January.

A Scottish Government spokesman said in a statement: ā€œWe take the protection of personnel data extremely seriously and this data breach is being fully investigated by health boardsā€.

ā€œLandauer has taken action to ensure their systems are now secureā€, he said.

ā€œThey are continuing to work with boards to support staff and ensure all data is now protectedā€.

It comes as Commonsā€™ Public Accounts Committee report, published on Friday, highlight the threats to government of cyber-attacks.

The report citicised the Cabinet Officeā€™s oversight of cyber security, stating that ā€œthere appears to be no coordination across the wider public sectorā€.

ā€œThere is little oversight of the costs and performance of government information assurance projects, and processes for recording departmental personal data breaches are inconsistent and dysfunctional.ā€

 

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

Patientrack cuts admissions at St Helens and Knowsley

Next News

Derby Teaching Hospitals safeguards its EPR with ReStartā€™s PAS Mirror

Related News

What makes the NHS App successful?
Opinion July 3, 2024

What makes the NHS App successful?

Building a ā€˜superappā€™ is a delicate act of statecraft, writes Mohammad Al Ubaydli from Patients Know Best
Patient groups oppose NHSE plans for unified clinical registry platform
Cyber Security July 3, 2024

Patient groups oppose NHSE plans for unified clinical registry platform

Patient groups for people with blood disorders have raised concerns about NHS England plans to combine clinical registries in a single platform.
Heriot-Watt University partners with ABHI to advance health tech research
News July 2, 2024

Heriot-Watt University partners with ABHI to advance health tech research

Heriot-Watt University is focusing on accelerating health tech research and development, through a partnership with ABHI.