**Royal Cornwall Hospitals NHS Trust Data Breach Exposes Staff Sickness Records**
The Royal Cornwall Hospitals NHS Trust has notified 8,100 current and former employees after a data breach exposed sensitive staffing information. The incident occurred when an editable spreadsheet containing personal details—including names, job titles, and sickness absence records—was inadvertently disclosed in response to a Freedom of Information (FOI) request.
While no patient data or financial information was compromised, the breach revealed internal staffing details, raising concerns over employee privacy. The trust acknowledged the error, issued an apology, and confirmed immediate corrective measures were taken. Authorities emphasized the organization’s commitment to safeguarding personal information following the incident.
Source: https://www.bbc.com/news/articles/c98ndr54zr0o
Royal Cornwall Hospitals NHS Trust cybersecurity rating report: https://www.rankiteo.com/company/royalcornwallnhs
"id": "ROY1765289106",
"linkid": "royalcornwallnhs",
"type": "Breach",
"date": "12/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '8,100 current and former '
'employees',
'industry': 'Healthcare',
'location': 'Cornwall, UK',
'name': 'Royal Cornwall Hospitals NHS Trust',
'type': 'Healthcare'}],
'attack_vector': 'Inadvertent Disclosure',
'data_breach': {'file_types_exposed': 'Spreadsheet',
'number_of_records_exposed': '8,100',
'personally_identifiable_information': 'Names, job titles, '
'sickness absence '
'details',
'sensitivity_of_data': 'Moderate (personal details, sickness '
'records)',
'type_of_data_compromised': 'Personal details, job titles, '
'sickness absences, dates'},
'description': 'Personal details of thousands of current and former staff '
'working for a hospital trust have been exposed in a data '
'breach. Royal Cornwall Hospitals NHS Trust said it had '
'written to 8,100 current and former employees after an '
'editable spreadsheet containing staffing data was '
"'inadvertently disclosed' as part of a Freedom of Information "
'(FOI) request. The names and job titles of staff together '
'with descriptions about sickness absences and their dates '
'were disclosed, but no patient data or financial information '
'was compromised.',
'impact': {'brand_reputation_impact': 'Likely negative impact due to apology '
'issued',
'data_compromised': 'Staff personal details, job titles, sickness '
'absences, and dates',
'identity_theft_risk': 'Potential risk due to exposure of personal '
'details'},
'post_incident_analysis': {'root_causes': 'Inadvertent disclosure of editable '
'spreadsheet in FOI request'},
'references': [{'source': 'News Article'}],
'regulatory_compliance': {'regulations_violated': 'Likely GDPR (UK Data '
'Protection Act 2018)'},
'response': {'communication_strategy': 'Written apology to affected employees',
'incident_response_plan_activated': 'Immediate action taken'},
'title': 'Hospital staff sick days exposed in data breach',
'type': 'Data Breach'}