Around 90 organisations have reported breaches of personal data held by Capita. The company is facing two issues, the first was a cyber-attack in March this year and it then later emerged that a pool of data had been left unsecured online.

NHS England released a statement regarding the Capita incident:

“NHS England has reported a data breach to the Information Commissioners’ Office following the recent cyber incident involving Capita, who informed NHS England that a document containing limited optometry information for two patients was accessed. Capita has written to the two individuals to notify them and offer support.

Capita also informed us that two files containing names and NHS numbers of deceased and de-registered patients were accessed. The files identified archived records that related to individuals who had died more than 10 years ago or who have not been registered with a GP in England for more than 10 years. No health data or other patient data was included in the lists or accessed as a result of the incident.

What do you need to do?

  • Check if your organisation uses Capita data processing services and determine whether any personal data has been affected – if so, consider reporting a data breach to the ICO.

Importance: High

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/05/ico-statement-on-capita-incident/

For further discussion and support, including data protection awareness training services please email dpa@tiaa.co.uk