The NHS has suffered yet another cyber security incident, this time involving the confidential records on up to 1.2 million patients.
Its SwiftQueue appointment booking system was breached, exposing a database containing personal details on over a million patients. However, SwiftQueue was quoted claiming only 32,501 “lines of administrative data” have been accessed. They claim this is limited to only the names, dates of birth, phone numbers, and email addresses of patients.
The culprit is said to have ties to the infamous hacker group, Anonymous. In a quote given to The Sun by a supposed member of Anonymous, the member claims, “I think the public has the right to know how big companies like SwiftQueue handle sensitive data.”
They told the paper that the hack exploited weaknesses in the SwiftQueue software that should have been patched a number of years ago. They claim to have downloaded the company’s entire database, containing 11 million records, contrary to what SwiftQueue has tried reassuring patients of.
It's incidents like these that remind us that even if your organizations’ IT environment and systems are secure, but your third party providers are not, you can still put your customers at risk and suffer the devastating consequences of a data breach. NNT suggested introducing System Hardening and Vulnerability Management to your IT environment to mitigate all known vulnerabilities and ensure your systems remain secure from hackers and malicious insiders.
Read this article on SCMagazine