Data of Scottish NHS Staff Compromised in US cyber attack

U.S. Navy photo by Rick Naystatt/Released

The personal data of at least 293 Scottish NHS staff has been compromised in a cyber attack against an NHS supplier in United States.

US-based company Landauer provides ionising radiation monitoring services for 8 NHS health boards in Scotland.  The company holds detailed personal information including names, radiation dose, dates of birth and national insurance numbers.

On Tuesday, one of those NHS boards confirmed the personal data of 293 of its staff were affected by a cyber-attack on Landauer.

NHS Ayrshire & Arran chief executive John Burns said: “We have been informed by one of our service providers, Landauer, that it has experienced a data security attack on one of its UK servers which affects our staff.”

He went on to explain that no patients were affected by the breach.

Landauer has also since terminated a contract with a third-party company involved in the attack.

Scottish government ministers were notified on the 25th of January 2017 of the attack and data breach. Ministers issued a statement shortly afterwards “Landauer has taken action to ensure their systems are now secure”.