Hospital staff sick days exposed in data breach

Brodie Owen, South West

Personal details of thousands of current and former staff working for a hospital trust have been exposed in a data breach.

Royal Cornwall Hospitals NHS Trust said it had written to 8,100 current and former employees after an editable spreadsheet containing staffing data was "inadvertently disclosed" as part of a Freedom of Information (FOI) request.

The names and job titles of staff together with descriptions about sickness absences and their dates were disclosed, but no patient data or financial information was compromised, the trust said.

It apologised to those affected and said immediate action was taken, adding it took "the security of personal information extremely seriously".

A spokesperson said: "We know that any data breach can cause concern. We want to reassure people that we have acted swiftly to contain the issue and strengthen our safeguards.

"This incident has reinforced our commitment to learning and improving our processes to maintain the highest standards of data protection."

The data breach affected staff working for the trust between April 2020 and May 2023.

It said the spreadsheet had been removed from its website disclosure log, the log had been temporarily suspended while a review takes place and the breach was reported to the Information Commissioner's Office (ICO).

The trust said a new process had been put in place to ensure electronic spreadsheet files were disabled before any FOI disclosure, and additional checks were being introduced.

It added: "We thank our staff and community for their continued trust and support as we work diligently to safeguard information."

A spokesperson for the ICO said: "Royal Cornwall Hospital reported an incident to us. We carefully assessed the information provided and, after giving data protection advice, concluded no further action was necessary at this time."
