The personal information of 284 diabetic patients was shared with more than 30 others as a result of a data breach at NHS Highland.
The mistake caused the patients' names, birthdates, contact information, and hospital identification numbers to become public.
The data had been entered into a spreadsheet along with notes about when patients attended or received training.
The next day, NHS Highland reported the issue to the Information Commissioner's Office (ICO), and it has written to those patients who were impacted.
No private information about medical history was disclosed.
TPRM report: https://scoringcyber.rankiteo.com/company/nhs-highland
"id": "nhs213011623",
"linkid": "nhs-highland",
"type": "Data Leak",
"date": "11/2020",
"severity": "25",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 284,
'industry': 'Healthcare',
'name': 'NHS Highland',
'type': 'Healthcare'}],
'data_breach': {'file_types_exposed': ['Spreadsheet'],
'number_of_records_exposed': 284,
'personally_identifiable_information': ['Names',
'Birthdates',
'Contact Information',
'Hospital '
'Identification '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Birthdates',
'Contact Information',
'Hospital Identification '
'Numbers']},
'description': 'The personal information of 284 diabetic patients was shared '
'with more than 30 others as a result of a data breach at NHS '
"Highland. The mistake caused the patients' names, birthdates, "
'contact information, and hospital identification numbers to '
'become public. The data had been entered into a spreadsheet '
'along with notes about when patients attended or received '
'training. No private information about medical history was '
'disclosed.',
'impact': {'data_compromised': ['Names',
'Birthdates',
'Contact Information',
'Hospital Identification Numbers']},
'regulatory_compliance': {'regulatory_notifications': ['Reported to the '
'Information '
"Commissioner's Office "
'(ICO)']},
'response': {'communication_strategy': ['Written to affected patients']},
'title': 'Data Breach at NHS Highland',
'type': 'Data Breach'}