Patient information was taken from an NHS appointment booking system by a computer whiz with connections to the international hacking group Anonymous.
The criminal exploited a private contractor's security to gain access to a database that contained private information on up to 1.2 million people.
Attack limited to names, dates of birth, phone numbers and, in some cases, email addresses.
For the management of a website where patients can schedule appointments with a doctor, hospital, or clinic, eight NHS trusts have paid SwiftQueue.
They also manage terminals that patients can use to check in when they arrive in the waiting areas.
TPRM report: https://scoringcyber.rankiteo.com/company/nhs
"id": "nhs173971122",
"linkid": "nhs",
"type": "Data Leak",
"date": "08/2017",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '1.2 million',
'industry': 'Healthcare',
'name': 'SwiftQueue',
'type': 'Private Contractor'}],
'attack_vector': "Exploiting private contractor's security",
'data_breach': {'number_of_records_exposed': '1.2 million',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Personal Information',
'type_of_data_compromised': ['names',
'dates of birth',
'phone numbers',
'email addresses']},
'description': 'Patient information was taken from an NHS appointment booking '
'system by a computer whiz with connections to the '
'international hacking group Anonymous. The criminal exploited '
"a private contractor's security to gain access to a database "
'that contained private information on up to 1.2 million '
'people.',
'impact': {'data_compromised': ['names',
'dates of birth',
'phone numbers',
'email addresses'],
'systems_affected': 'Appointment booking system'},
'threat_actor': 'Individual with connections to Anonymous',
'title': 'NHS Appointment Booking System Data Breach',
'type': 'Data Breach'}