World News

Personal details of over 18,000 people in Wales who had Covid-19 mistakenly shared online in data breach

The personal details of 18,105 people who had tested positive for coronavirus was mistakenly uploaded to a public server, Public Health Wales has announced.

In the majority of cases – 16,179 – the information consisted of their initials, date of birth, geographical area and sex. Almost 2,000 further cases also identified care homes.

A statement from the health body said the details were searchable by anyone using the site which it had been uploaded to on August 30.

In the 20 hours it was online, it had been viewed 56 times, and was the result of individual human error.

Public Health Wales says it regrets the data breach, while a risk assessment has been conducted and the risk of identification of the individuals affected by this data breach appears low.

The total number of people who have tested positive for coronavirus in Wales, as on Monday, September 14, is 19,573.

A spokesperson said: “In the majority of cases (16,179 people) the information consisted of their initials, date of birth, geographical area and sex meaning that the risk they could be identified is low.

“However, for 1,926 people living in nursing homes or other enclosed settings such as supported housing, or residents who share the same postcode as these settings, the information also included the name of the setting.

“The risk of identification for these individuals therefore is higher but is still considered low.

“There is no evidence at this stage that the data has been misused.

“The Information Commissioner’s Office and Welsh Government have been informed and we have commissioned an external investigation into the full circumstances surrounding the data breach and any lessons to be learned.

ALSO READ  Routine gas flaring is wasteful, polluting and undermeasured

“The investigation is being led by the Head of Information Governance at the NHS Wales Informatics Service.”

They added that steps have been taken to prevent a similar incident from happening again.

Tracey Cooper, chief executive of Public Health Wales, said: “We take our obligations to protect people’s data extremely seriously and I am sorry that on this occasion we failed.

“I would like to reassure the public that we have in place very clear processes and policies on data protection.

“We have commenced a swift and thorough external investigation into how this specific incident occurred and the lessons to be learned.

“I would like to reassure our public that we have taken immediate steps to strengthen our procedures and sincerely apologise again for any anxiety this may cause people.”

Anyone concerned that their data or that of a close family member may have been breached and wanting advice should firstly read the FAQs at  www.phw.nhs.wales  then email PHW.data@wales.nhs.uk  if they have any additional questions.

People can also call Public Health Wales on 0300 003 0032 to discuss their concerns. 

...

Tags

Leave a Reply

Back to top button
Close