The UK's data protection watchdog has censured an NHS trust after learning that personnel had been sharing patient information on an unauthorised app for two years.
The compromised data includes names, phone numbers, addresses, images, videos, screenshots and clinical information, according to the Information Commissioner’s Office.
NHS Lanarkshire to ensure that patient data is not compromised again.
Source: https://www.infosecurity-magazine.com/news/nhs-staff-reprimanded-whatsapp/
TPRM report: https://scoringcyber.rankiteo.com/company/nhs-lanarkshire
"id": "nhs7502823",
"linkid": "nhs-lanarkshire",
"type": "Breach",
"date": "08/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'United Kingdom',
'name': 'NHS Lanarkshire',
'type': 'Healthcare'}],
'attack_vector': 'Unauthorised App Usage',
'data_breach': {'file_types_exposed': ['images', 'videos', 'screenshots'],
'personally_identifiable_information': ['names',
'phone numbers',
'addresses',
'clinical '
'information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
'phone numbers',
'addresses',
'images',
'videos',
'screenshots',
'clinical information']},
'description': "The UK's data protection watchdog has censured an NHS trust "
'after learning that personnel had been sharing patient '
'information on an unauthorised app for two years. The '
'compromised data includes names, phone numbers, addresses, '
'images, videos, screenshots, and clinical information, '
'according to the Information Commissioner’s Office.',
'impact': {'data_compromised': ['names',
'phone numbers',
'addresses',
'images',
'videos',
'screenshots',
'clinical information']},
'references': [{'source': 'Information Commissioner’s Office'}],
'title': 'Data Breach at NHS Lanarkshire',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper Data Handling Practices'}