Date: 2018-08-13

THE MEDICAL RECORDS of 'millions' of NHS patients could be at risk after a hack exposed the passwords of 10,000 care home and hospital staff.

An investigation by The Sunday Telegraph found that Embrace Learning, a Cheshire-based online training business that claims to offer "cost-efficient, engaging and effective" e-learning to healthcare workers, was hacked in 2016.

This attack exposed the email addresses and passwords of registered NHS staff, details that were then flogged on the dark web for "ten times more" than credit card details.

An as-yet-unknown hacker also published 500 email addresses and passwords online in December 2016, likely to provide a sample to prospective customers looking to purchase the full database.

19 NHS trusts and organisations were affected by the breach, including the Royal Free Hospital in London and Northampton General Hospital.

A spokesperson for Cumbria Partnership NHS Foundation Trust, which had 200 passwords stolen in the attack, said: "Cumbria Partnership NHS Foundation Trust used Embrace Learning for online staff training between 2011 and 2014. Where we are able, we have contacted each member of staff to inform them of Embrace Learning's data breach.

"As a Trust we take data security very seriously and as such all staff are forced to change their passwords regularly, therefore, we are confident that our staff details remain safe. We have robust policies and processes in place and regularly update our staff of the importance of all types of cybersecurity."

Databases at local councils including Essex County Council, Halton Borough Council and Bedford Borough Council are also at risk, The Sunday Telegraph reports.

An Embrace Learning spokesman said in a statement: "There was a data breach on our servers in 2016. On reflection, our security measures at that time were clearly not sophisticated enough to prevent data being stolen.

"The breach prompted immediate action. In consultation with our ISP UKFast, we significantly increased the level and sophistication of security and encryption. Since then we have taken further measures to protect data from increasingly sophisticated hacking attempts.

"We routinely monitor the security of our systems. There have been no successful attacks on our servers since new measures were implemented in 2016."