Chester NHS Trust staff personal details compromised in Landauer security breach

Chester NHS Trust admits staff personal details have been compromised following Landauer security breach

Staff at Countess of Chester Hospital, part of Chester NHS Trust, are among the thousands of NHS workers who have had their personal details compromised in a breach of the systems of private contractor Landauer.

The breach was revealed last month, with names, birth dates, National Insurance numbers and radiation doses of NHS medical staff in Wales, Scotland and England exposed following the security breach.

The data had been held by Landauer, a US-based radiation monitoring company, which works with the NHS to ensure that radiology staff are not exposed to harmful levels of radiation.

Several NHS bodies have come forward stating that they have been affected by the breach, including University Hospital Southampton NHS Foundation Trust, Guy's and St Thomas' NHS Foundation Trust, NHS Ayshire and Arran, Velindre NHS Trust and Betsi Cadwaladr University Health Board.

Now, the Countess of Chester Hospital NHS Foundation Trust has also revealed that nearly 300 of its staff have been affected by the breach.

In a statement the trust said there were 37 members of staff that have had their name, dosage and dates of birth compromised, while two members of staff had their name, dosage and National Insurance numbers compromised.

The Trust said that these individuals "have been provided with two years free access to a fraud monitoring service by Landauer".

A further 259 staff had their name and radiation dosage compromised.

"A large number of NHS organisations have been affected by this incident and we have reviewed and reported this to the Information Commissioner's Office, as has the contractor," said Alison Kelly, director of nursing at the Countess of Chester and senior information risk owner for the Trust.

Landauer has admitted that one of its UK servers was the target of a security breach in late 2016, which resulted in client data being compromised.

It added that its security team secured its UK systems within 24 hours of any data being compromised "to ensure that the data compromised was kept to a minimum".

It continued: "Following the incident, we engaged a leading global firm of forensic IT specialists to conduct a thorough investigation to identify the scope of data compromised. We are confident that we have identified all affected clients and have undertaken a programme to notify them of the incident."

Join Computing in London on 4 May for the Cyber Security Strategy Briefing 2017 for the Financial Sector.

Speakers include Adam Koleda, IT director of insurance firm BPL Global; Peter Agathangelou, associate director of Hamilton Fraser Insurance; and, Dr Kuan Hon, consultant lawyer at law firm Pinsent Masons.

Attendance is free to qualifying IT professionals and IT leaders - register now!