Over 18K COVID-19 Patients’ Data Mistakenly Exposed by NHS Trust


A Public Health Service (NHS) Trust revealed that it had mistakenly uploaded the private information of over 18,000 people who had previously tested positive for coronavirus 2019 (COVID-19).

Over 18K COVID-19 Patients’ Data Mistakenly Exposed by NHS Trust

On September 14, Flagrant Health Wales announced in a web statement that the data breach had transpired back on the afternoon of August 30, 2020.

This notice explained that the in person information of 18,105 Welsh residents who had tested positive for COVID-19 had ended up on a viewable server as the result of human error.

The incident exposed only the primes, date of birth, geographical area and sex of 16,179 individuals, the statement expounded.

For the remaining 1,926 victims, the security event might have breached the reality that they lived in or shared a zip code with a nursing effectively or similar supported setting.

The exposed information remained on the public server for generally 20 hours until Public Health Wales removed it on the morning of August 31. At that eventually, the data had been viewed 56 times.

As part of its investigation, the NHS Give noted that it had found no evidence of malicious actors having misused the COVID-19 patients’ compromised matter.

Public Health Wales explained that it still went winning and informed the Information Commissioner’s Office and Welsh Government as well as commissioned the Crisis of Information Governance at the NHS Wales Informatics Service to conduct an investigation.

It also asseverated that it had taken steps to prevent a similar event from incident again by creating an incident response team, changing its standard go procedures and keeping its local partners informed.

Tracey Cooper, chief boss of Public Health Wales, issued an apology for the security incident. As exemplified on the NHS Trust’s website:

We take our obligations to protect people’s data very seriously and I am sorry that on this occasion we failed. I would get a bang to reassure the public that we have in place very clear systems and policies on data protection. We have commenced a swift and thorough outside investigation into how this specific incident occurred and the lessons to be practised. I would like to reassure our public that we have taken triggered steps to strengthen our procedures and sincerely apologise again for any anxiety this may cause in the flesh.

Individuals looking to learn more about the security event should phone Public Health Wales by emailing PHW.data@wales.nhs.uk or calling 0300 003 0032.

Leave a Reply

Your email address will not be published. Required fields are marked *