Public Health Wales

Public Health Wales

The personal data of 18,105 people who tested positive for coronavirus was accidently exposed by Public Health Wale.

The compromised information including patients’ initials, dates of birth, geographical area and gender were exposed on a publicly accessible server.

The public health soon disabled the public access to the server and secured it from further consequences.

Source: https://www.itgovernance.co.uk/blog/public-health-wales-accidentally-publishes-18000-coronavirus-patients-data

TPRM report: https://scoringcyber.rankiteo.com/company/public-health-wales

"id": "pub1349422",
"linkid": "public-health-wales",
"type": "Breach",
"date": "09/2020",
"severity": "90",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 18105,
                        'industry': 'Healthcare',
                        'location': 'Wales',
                        'name': 'Public Health Wales',
                        'type': 'Government'}],
 'attack_vector': 'Accidental Exposure',
 'data_breach': {'number_of_records_exposed': 18105,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['initials',
                                              'dates of birth',
                                              'geographical area',
                                              'gender']},
 'description': 'The personal data of 18,105 people who tested positive for '
                'coronavirus was accidentally exposed by Public Health Wales. '
                'The compromised information including patients’ initials, '
                'dates of birth, geographical area, and gender were exposed on '
                'a publicly accessible server.',
 'impact': {'data_compromised': ['initials',
                                 'dates of birth',
                                 'geographical area',
                                 'gender'],
            'systems_affected': ['Publicly Accessible Server']},
 'response': {'containment_measures': ['Disabled public access to the server'],
              'remediation_measures': ['Secured the server from further '
                                       'consequences']},
 'title': 'Public Health Wales Data Exposure Incident',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Publicly Accessible Server'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.