The trust that manages Basingstoke Hospital has disclosed a second data breach, following the sharing of the private information of 1,000 staff members.
Meeting materials posted online by Hampshire Hospitals NHS Foundation Trust (HHFT) reveal information on the breach that was reported to the Information Commissioner's Office (ICO) in July.
The Gazette uncovered the second vulnerability in August 2020, and as a result, information on women who had stillbirths was posted online.
The ICO did not take enforcement action, but it did urge that HHFT establish a documented process for ensuring that attachments contain accurate information available to all workers and that the efficacy of this process is continuously evaluated.
TPRM report: https://scoringcyber.rankiteo.com/company/hhftnhs
"id": "ham14711623",
"linkid": "hhftnhs",
"type": "Data Leak",
"date": "08/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Basingstoke, UK',
                        'name': 'Hampshire Hospitals NHS Foundation Trust '
                                '(HHFT)',
                        'type': 'Healthcare'}],
 'attack_vector': 'Information Disclosure',
 'data_breach': {'number_of_records_exposed': 1000,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Private information of staff '
                                              'members',
                                              'Information on women who had '
                                              'stillbirths']},
 'date_detected': '2020-08',
 'description': 'The trust that manages Basingstoke Hospital has disclosed a '
                'second data breach, following the sharing of the private '
                'information of 1,000 staff members. In meeting materials '
                'posted online by Hampshire Hospitals NHS Foundation Trust '
                '(HHFT), information on the breach that was reported to the '
                "Information Commissioner's Office (ICO) in July has been "
                'revealed. The Gazette uncovered the second vulnerability in '
                'August 2020, and as a result, information on women who had '
                'stillbirths was posted online. The ICO did not take '
                'enforcement action, but it did urge that HHFT establish a '
                'documented process for ensuring that attachments contain '
                'accurate information available to all workers and that the '
                'efficacy of this process is continuously evaluated.',
 'impact': {'data_compromised': ['Private information of 1,000 staff members',
                                 'Information on women who had stillbirths']},
 'lessons_learned': 'Establish a documented process for ensuring that '
                    'attachments contain accurate information available to all '
                    'workers and that the efficacy of this process is '
                    'continuously evaluated.',
 'post_incident_analysis': {'corrective_actions': 'Establish a documented '
                                                  'process for ensuring that '
                                                  'attachments contain '
                                                  'accurate information '
                                                  'available to all workers '
                                                  'and that the efficacy of '
                                                  'this process is '
                                                  'continuously evaluated.',
                            'root_causes': 'Improper data handling'},
 'references': [{'source': 'The Gazette'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to the '
                                                       'Information '
                                                       "Commissioner's Office "
                                                       '(ICO)'},
 'title': 'Second Data Breach at Basingstoke Hospital',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Improper data handling'}