PROVING THAT the NHS doesn't need ransomware to splurge its assets across the open internet, a Trust running two hospitals in Merseyside has posted a bucket of personal data online.
The phone numbers, email addresses, national insurance numbers and home addresses of about 500 trainee doctors were posted on a spreadsheet linked to the website of the Trust, which runs St Helens and Whiston hospitals.
So many staff were affected because the list contained the deets of all specialist trainee doctors across the North West who have been on the Health Education England scheme - all of whom, technically, have been on the Trust's payroll since 2013 (a move that was, ironically, meant to save the hospitals money on admin costs).
One of the affected doctors told the Health Service Journal: "I'm glad the Trust acted so quickly [to remove the data,] but this should never have been loaded onto the website in the first place. It has left all of us potentially at risk of identity theft or fraud or worse. It's pretty shocking."
Matt Lock, director of sales engineers at Varonis, told INQ: "The loss of personal information is becoming commonplace.
"It's important for companies to secure their data, educate their employees and contractors to ensure they have good cyber hygiene and take the steps to automate the prevention of human error - in this case preventing inappropriate access to personal information and incorporating utilities to prevent the exposure.
"Exposed personal data can be a huge vulnerability - not only an abuse of personal data privacy, but can be leveraged to breach more secure systems and put critical data at risk."
We're not sure that automation would remove the risk, because robots need to be programmed by competent IT managers - and it's looking less and less like the NHS has any to hand. µ
More wise words from Mountain View
Firm failed to say that launch prices were only an 'introductory offer'
We think we all have an airbag problem
Give us a break