Cambridge Hospitals Admit Two Excel-Based Data Breaches

A Cambridge NHS trust has admitted two historic data breaches, stemming from the accidental disclosure of patient data in Excel spreadsheets in response to Freedom of Information requests.
The way this data was leaked is almost identical to the far graver breach at the Police Service of Northern Ireland earlier this year.
The police service also accidentally shared sensitive information with What Do They Know in response to an FOI request, with the data hidden by a pivot table.
In September, privacy regulator the Information Commissioner's Office called for an immediate end to the use of Excel spreadsheets to publish FOI data, and released guidance on pivot tables.
This Excel function can help to summarize large data sets but might also create an automatic summary of the underlying data which is hidden from immediate view.
The breach was only alerted to the trust when admins at What Do They Know discovered it and immediately removed the information from their website.
That prompted a further investigation by the NHS trust of FOI requests it has handled over the past decade.
This revealed an additional incident, in 2021, in which a spreadsheet sent to Wilmington PLC accidentally contained the names, hospital numbers and some medical information on 373 cancer patients undergoing clinical trials.
Sinker said the trust has decided not to write directly to the maternity patients involved in the first breach.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 07 Dec 2023 09:30:16 +0000


Cyber News related to Cambridge Hospitals Admit Two Excel-Based Data Breaches

Hospitals Must Treat Patient Data and Health With Equal Care - COMMENTARY. Hospitals are in the crosshairs: As collectors of some of the most personal and sensitive data available, hospitals are a prime target for hackers and cyberattacks. Patient data needs to be treated with as much care and sensitivity as the ...
9 months ago Darkreading.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 week ago Aws.amazon.com
Capital Health Hospitals hit by cyberattack causing IT outages - Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week. The healthcare system manages two hospitals, an outpatient facility in ...
10 months ago Bleepingcomputer.com
Critical insights into Australia's supply chain risk landscape - Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as ...
6 months ago Tripwire.com
Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn - Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children's hospital, and that the U.S. government is doing too little prevent such breaches. ...
7 months ago Securityweek.com
SW Ontario hospitals confirm patient data compromised in cyberattack - As the fallout from last week's cyberattack against five southwestern Ontario hospitals continues to spread, the organizations confirmed Tuesday that patient information was stolen and they now fear the blackmailers might publish it online. TransForm ...
10 months ago Windsorstar.com
Cambridge Hospitals Admit Two Excel-Based Data Breaches - A Cambridge NHS trust has admitted two historic data breaches, stemming from the accidental disclosure of patient data in Excel spreadsheets in response to Freedom of Information requests. The way this data was leaked is almost identical to the far ...
10 months ago Infosecurity-magazine.com
LockBit targets hospitals - We did not see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals. These attacks include ones against Yakult Australia and the Ohio Lottery by the new ...
9 months ago Bleepingcomputer.com
Hospitals ask courts to force cloud storage firm to return stolen data - Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack and now stored on the servers of a Boston cloud storage company. Carthage Area Hospital and Claxton-Hepburn Medical Center have ...
9 months ago Bleepingcomputer.com
How Hospitals Can Help Improve Medical Device Data Security - COMMENTARY. Hospitals and medical device manufacturers must team up to help create a secure environment to protect the personal health information derived from patient monitors and other medical devices. For some time, this notion of shared ...
8 months ago Darkreading.com
Feds cough up 'voluntary' cybersecurity goals for hospitals The Register - Plus, you're going to be in for a world of hurt when new regulations - which will very likely mirror these voluntary practices - take effect, according to Taylor Lehmann, a director in Google Cloud's Office of the Chief Information Security Officer. ...
8 months ago Go.theregister.com
HHS proposes new cybersecurity requirements for hospitals through HIPAA, Medicaid and Medicare - The United States Department of Health and Human Services said it is planning to take a range of actions in an effort to better address cyberattacks on hospitals, which have caused dozens of outages across the country in recent months. First reported ...
10 months ago Therecord.media
Data Loss Prevention for Business: Strategies and Tools - Data Loss Prevention has become crucial in today's data-driven business landscape to protect sensitive information. This discussion aims to provide valuable insights into DLP strategies and tools for business, helping mitigate data loss risks ...
8 months ago Securityzap.com
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches - An Apple-commissioned report this week has highlighted once again why analysts have long recommended the use of end-to-end encryption to protect sensitive data against theft and misuse. The report is based on an independent study of publicly reported ...
10 months ago Darkreading.com
New Jersey, Pennsylvania hospitals affected by cyberattacks - Hospitals in New Jersey and Pennsylvania are dealing with the ramifications of cyberattacks this week following several similar incidents that took place during the Thanksgiving holiday. This week, Capital Health said it is experiencing network ...
10 months ago Therecord.media
Innovative Legal Move Restores Hospital's Stolen Information - There has been a handover of patient data stolen by the notorious LockBit gang from a cloud computing company to a New York hospital alliance that is partnered with that company. There was a lawsuit filed by the North Star Health Alliance - a group ...
8 months ago Cysecurity.news
Data Breaches in US Schools Exposed 37.6M Records - Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded - a dramatic rise from 139 in ...
4 months ago Infosecurity-magazine.com
Lockbit Ransomware Attack Affects Three German Hospitals - Katholische Hospitalvereinigung Ostwestfalen, a German hospital network, has confirmed that a cyberattack launched by the Lockbit ransomware group is the cause of recent service disruptions at three hospitals in its network. The attack occurred in ...
9 months ago Heimdalsecurity.com
CVE-2016-0054 - Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint ...
5 years ago
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
9 months ago Securityboulevard.com
Data Protection in Educational Institutions - This article delves into the significance of data protection in educational institutions, emphasizing three key areas: the types of educational data, data privacy regulations, and data protection measures. Lastly, robust data protection measures are ...
9 months ago Securityzap.com
How to Recover an Unsaved Excel File - If your Excel file was left unsaved by accident, don't fret - Microsoft understands mistakes happen and provides built-in functionality to help recover it. To recover an unsaved file, navigate to the File tab > Info > Manage Versions to undelete it ...
8 months ago Hackercombat.com
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
7 months ago Bleepingcomputer.com
CVE-2011-1989 - Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for ...
5 years ago
CVE-2016-3358 - Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, ...
5 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)