Thousands of Welsh NHS Staff’s Data Compromised in Cyber Attack

Media Division | March 13, 2017

Healthcare organizations can often be heavily targeted by cyber attackers.  A variety of illicit gains can be obtained from these organizations, such as patient and staff records, money, or other critical data.  There is a multitude of healthcare organizations breached every single year.  In a recent attack, the hacking was not directly targeted toward the particular healthcare organization, but rather a private contractor that handled data on behalf of the Welsh National Health Service (NHS).  The breach has exposed the details of over a thousand Welsh NHS employees who deal with x-rays, including their names, dates of birth, radiation doses, and National Insurance numbers.

An investigation of the breach has been launched, and the Welsh NHS has said the breach is “deeply disappointing.”  The staff within many of these organizations wear radiation dosimetry badges to measure their exposure when working with x-rays.  The data from these badges is then processed for Welsh NHS by Landauer, which was the contractor that was breached.  The NHS has said that individuals’ data was copied in different combinations, and not everyone was affected in an identical way.  Managers stated that cleaners, radiographers, and other staff were affected at most health boards in Wales.

The Potential Consequences of the Breach

The fact that the criminals have a multitude of personal details of these individuals could potentially bring about many negative consequences.  National Insurance numbers can be used to obtain bank loans, cars or mortgages.  The criminals most likely will not use the information immediately and may lie in wait for many years, which puts these individuals in the situation of having to watch for abnormal activity for years to come.  Unique identification details can be some of the most dangerous information to be in criminals hands, as they can be used to impersonate someone in many ways.  According to a cyber security expert, the details obtained in the breach are not enough to go through with “significant financial transactions,” but could be used in combination with further details that can be obtained online for about £50 per person.

This breach was actually handled quite wrongly for a large amount of time.  The breach had actually happened in October, and yet some staff were not even formally informed until the beginning of March.  This is a blatant mishandling, as those affected by a breach need to be notified immediately in case any strange activity begins to arise.  According to a spokesman for Betsi Cadwaladr health board, “We have contacted all the staff affected to reassure them that Landauer has acted swiftly to secure its servers and that, since the attack, it has undertaken significant measures in connection with its UK IT network to ensure that no further information can be compromised.”  Fortunately, the spokesman also said that Landauer has provided the affected staff members free access to the credit monitoring agency, Experian for two years.  This will at least help those affected to monitor for any strange activity connected to their details.

Establishing Proper Cyber Security to Prevent Cyber Attacks

Cyber attacks like the above can happen at any time and to any organization.  Wherever there are potential illicit gains to be had is where cyber attackers will target, including organizations of all types and sizes.  In our modern age of highly employed technology and cyberspace, proper cyber security is more critical than ever.  Virtually every organization has a database of important information such as client and financial data, which needs to be protected.  When an organization is lacking in cyber security, it can potentially lead to a variety of disastrous consequences.  Massive Alliance offers a wide array of cyber security services that can help an organization to prevent cyber attacks.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.