The Scottish Ambulance Service suffered a data breach in which it exposed its staff members' personal information online. On 12 October, the NHS Ambulance Services Trust, which is part of NHS Scotland, sent an email to its staff in which it disclosed the data breach. As quoted by BBC News:
For a time, the names and telephone numbers of staff, as they appear on our internal directory, were available on a section of our website that could be accessed by the general public. We are not aware that this has caused any issues regarding privacy and this matter has now been rectified - the web pages in question have now been removed.
A spokesperson for the Scottish Ambulance Service later confirmed the data security issue. They also stated that the incident didn't affect patients' information.
The Information Commissioner's Office (ICO) of the United Kingdom learned about the breach and began making inquiries into what happened. A Scottish government spokesperson said that the government will weigh the commissioner's findings once the ICO completes its investigation into the incident. They also emphasized that the government "takes data security seriously, and we expect health boards to ensure personal data has the appropriate safeguards." News of this incident follows less than two weeks after a Washington medical group practice specializing in orthopedics notified individuals of a data security event that might have exposed some of their personal information. Healthcare records are increasingly under attack from bad actors, which is why medical organizations need to take steps to protect them. For example, these companies should make sure they can detect changes, avoid misconfigurations and ensure continuous compliance in their electronic medical record (EMR) environments. It would be difficult for any healthcare organization to adequately fulfill these duties manually. Instead they should consider investing in a solution like Tripwire Enterprise that could help them achieve these ends. Learn how Tripwire can help.
