Editorial

NHS England patient records breached in Capita ransomware attack

The ICO is investigating the breach and encouraging organisations to see if personal data they hold has been affected by the attack

Posted 6 June 2023 by Christine Horton


NHS England has reported a breach of patient data following the Capita cyberattack.

Following the ransomware attack in March, Capita said there was “no evidence” that any data was compromised. However, since then around 90 organisations have reported breaches of personal data held by Capita.

The Information Commissioner's Office (ICO) is now investigating the breach and encouraging organisations to see if personal data they hold has been affected by the attack or by the exposed data.

Capita has informed NHS England that a document containing limited optometry information for two patients was accessed. Capita has written to the two individuals to notify them and offer support.

NHS England said Capita also informed it that two files containing names and NHS numbers of deceased and de-registered patients were accessed. “The files identified archived records that related to individuals who had died more than 10 years ago or who have not been registered with a GP in England for more than 10 years. No health data or other patient data was included in the lists or accessed as a result of the incident,” it said in a statement on its website.

An independent cybersecurity expert, appointed by Capita, has not found any evidence that the information has been made available more widely, it added.

Capita employs more than 50,000 people in Britain and is one of the government’s biggest suppliers. The company has £6.5 billion-worth of public sector contracts, including London’s congestion charge system and recruitment for the army. Its largest government customer is the Department for Work and Pensions (DWP), which has contracted £2 billion of work to Capita, mostly on its disability payment assessment services, although it also serves the National Cyber Security Centre (NCSC), the Cabinet Office and other government agencies.

Many local council pension schemes administer payments through Capita. The BBC reports that a number of councils have said they believe personal data was put at risk, although Capita initially told journalists it did not believe that this was the case.

Earlier this month, The Pensions Regulator (TPR) wrote to more than 300 pension funds asking them to check if their data had been put at risk by the attack.
