A data breach at NHS Lothian was discovered during a routine internal audit last month, revealing unauthorized access to the medical records of an unspecified number of patients. While the exact scale of the breach remains unconfirmed by the health board, the incident involved the exposure of sensitive patient data, which may include personal and medical information. NHS Lothian has stated that 'appropriate action' has been taken in response, though specific remediation steps or the root cause (e.g., insider threat, system vulnerability, or external attack) were not disclosed. The breach raises concerns over patient privacy, potential misuse of health records, and compliance with data protection regulations like the UK GDPR. Given the nature of the compromised data (medical records), the incident could lead to reputational damage, regulatory scrutiny, and erosion of public trust in the healthcare provider’s ability to safeguard confidential information.
Source: https://www.bbc.com/news/articles/cnveed82pe5o
TPRM report: https://www.rankiteo.com/company/nhs-lothian
"id": "nhs3032230110125",
"linkid": "nhs-lothian",
"type": "Breach",
"date": "5/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'location': 'Lothian, Scotland, UK',
'name': 'NHS Lothian',
'type': 'Healthcare Provider'}],
'data_breach': {'personally_identifiable_information': 'Likely (medical '
'records often contain '
'PII)',
'sensitivity_of_data': 'High (patient medical records)',
'type_of_data_compromised': ['Medical records']},
'description': 'The medical records of some NHS Lothian patients have been '
'accessed in a data breach. The breach is believed to have '
'been spotted during a routine audit last month. The number of '
'patients affected has not been confirmed by the health board. '
"It said the 'appropriate action' had been taken.",
'impact': {'data_compromised': ['Patient medical records']},
'initial_access_broker': {'high_value_targets': ['Patient medical records']},
'investigation_status': 'Ongoing (implied by lack of confirmed details)',
'regulatory_compliance': {'regulations_violated': ['Likely GDPR (UK GDPR)',
'NHS Data Protection '
'Policies']},
'response': {'incident_response_plan_activated': 'Yes (implied by '
"'appropriate action' "
'taken)'},
'title': 'Patient records accessed in NHS Lothian data breach',
'type': 'Data Breach'}