A Cambridge NHS trust has admitted two historic data breaches, stemming from the accidental disclosure of patient data in Excel spreadsheets in response to Freedom of Information requests.
The way this data was leaked is almost identical to the far graver breach at the Police Service of Northern Ireland earlier this year.
The police service also accidentally shared sensitive information with What Do They Know in response to an FOI request, with the data hidden by a pivot table.
In September, privacy regulator the Information Commissioner's Office called for an immediate end to the use of Excel spreadsheets to publish FOI data, and released guidance on pivot tables.
This Excel function can help to summarize large data sets but might also create an automatic summary of the underlying data which is hidden from immediate view.
The breach was only alerted to the trust when admins at What Do They Know discovered it and immediately removed the information from their website.
That prompted a further investigation by the NHS trust of FOI requests it has handled over the past decade.
This revealed an additional incident, in 2021, in which a spreadsheet sent to Wilmington PLC accidentally contained the names, hospital numbers and some medical information on 373 cancer patients undergoing clinical trials.
Sinker said the trust has decided not to write directly to the maternity patients involved in the first breach.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 07 Dec 2023 09:30:16 +0000