back to article Yet another UK public sector data blab, this time info of pregnant women, cancer patients

More than 22,000 patients of Cambridge University Hospitals NHS Foundation Trust were hit by data leaks that took place between 2020 and 2021. In both cases, it was an own goal when the org handed over the data itself while responding to requests made under the Freedom of Information (FoI) Act 2000. Also in both cases, …

  1. Mike 137 Silver badge

    Finally they thought of it

    "the trust has also enhanced the scrutiny of its FoI process, prohibiting spreadsheet responses"

    The most basic principle of data sharing is extract the data requested and provide only that.

    Why does this seem such an obscure concept?

    1. Helcat

      Re: Finally they thought of it

      "The most basic principle of data sharing is extract the data requested and provide only that."

      Nope: Extract only what is needed, as long as it's not possible to identify the patient from it. So no name (first or last), date of birth (rough age was okay), full postcode (first part might be okay), NHS number (big no-no!) or hospital number. And that's BEFORE you transform the data, so it shouldn't be in the data source for the pivot. In fact, in this instance only the output from the pivot should have been sent - copy and pasted from spreadsheet 1 into spreadsheet 2.

      That's the rule I worked to when I was working in a hospital, and I believe that's still the principle now.

      What happened here was a breach of GDPR, and Caldecott - the latter being the governance for medical data. If heads didn't roll, then the Caldecott guardian for the trust needs to be fired, too.

      1. yetanotheraoc Silver badge

        Re: Finally they thought of it

        "What happened here was a breach of GDPR, and Caldecott - the latter being the governance for medical data. If heads didn't roll, then the Caldecott guardian for the trust needs to be fired, too."

        Agree, but who gets the chop?

        Reading between the lines, the specific information requested was found using a pivot table, fine; the original worksheet was deleted, so far so good; but the analyst didn't realize there was a copy of the data in the pivot cache, fail. Since the audit found only 2 incidents out of 8000 requests, we can assume there is a written procedure that works, _when followed_.

        If the analyst was inexperienced then there should have been more careful oversight which is a management error. If the analyst was experienced then not following the procedure is on them.

        1. Mobster

          Re: Finally they thought of it

          It is also possible the analyst was experienced, and was the only one for a number of locations - over worked and underpaid. You know, the kind you get when you achieve "synergies" and "cost optimizations" and "become agile".

    2. Herring`

      Re: Finally they thought of it

      The current Office things have "print to PDF". Do that.

  2. Anonymous Coward
    Anonymous Coward

    Strange?

    You report on data breaches quite often, but you've missed the New Zealand Te Whatu Ora one where 4million vaccine records have been leaked.

    Strange that.

    1. t245t Silver badge
      Big Brother

      New Zealand vaccine records leak

      @Anonymous Coward Strange? “You report on data breaches quite often, but you've missed the New Zealand Te Whatu Ora one where 4million vaccine records have been leaked. Strange that.

      Not leaked, BZ Health refused to release the information so Barry Young took it upon himself to do so. The information being the number of vaccine-related deaths. Already the pharma-industrial-complex is acting to discredit him.

      Statistician arrested after deep dive into deaths after 'specific Covid vaccine batches'

      “Te Whatu Ora found out about the breach on Thursday morning through an email the individual had sent.”

  3. elsergiovolador Silver badge

    CTRL+F

    CTRL+F "Lessons will be learned"

    I am disappointed.

    1. Yorick Hunt Silver badge

      Re: CTRL+F

      So am I.

      Lessons need to be learnt!

  4. Anonymous Coward
    Anonymous Coward

    Leak now

    Avoid the rush

    Or is that “gush”?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like