Mobile numbers of NHS staff leaked in third party data breach

Several NHS staff members in Scotland have had their mobile phone numbers exposed in a data breach involving a third-party supplier to multiple health boards.

NHS Grampian confirmed that mobile numbers were compromised, affecting a small number of staff across various NHS boards. The incident specifically involved software used for staff scheduling and management, where all text messages sent on the system over the past three months were compromised. The messages primarily contained generic information, such as shift confirmations, and did not include personal or patient data.

NHS Grampian, NHS Dumfries and Galloway, and other health boards using the bank staff rostering system are affected. The breach involved mobile numbers, possibly obtained by unknown individuals. There is no evidence that other personal data was exposed.

The number of affected individuals is not disclosed.

NHS National Services Scotland claim that there is no risk to patient data. Affected staff will be notified and provided guidance. Staff have been advised to remain vigilant for calls or texts from unknown numbers.

The Scottish government and the Information Commissioner have been informed of the incident, and impacted individuals will be contacted by their respective health boards.