Delays in informing NHS staff of data security breach “unacceptable”

An Assembly Member has condemned a decision to delay informing thousands of NHS staff that their private details had been stolen.

It was revealed today that data of staff at Betsi Cadwaladr health board was illegally obtained from a private contractor’s computer server and contained details including dates of birth, names and radiation doses of those working with X-rays.

It remains unclear who is responsible for the delay in informing staff of the breach.

Reacting to the news, Welsh Conservative Assembly Member for Clwyd West, Darren Millar - who was contacted by NHS staff in North Wales this week about the data breach - said:

“This really is an astonishing data security breach. The delay in informing the individuals affected are completely unacceptable.

“It cannot be right that the NHS knew about this problem many months ago and yet staff are only just now being informed.

“In that intervening period, staff – had they known – could have taken steps to protect themselves against the potential misuse of their data.

“What I really want to know is who really made the decision not to inform staff until now? Was this something that was decided by Welsh Government ministers or were these local decisions?

“I will be tabling some questions in the Senedd this week on this issue, including an urgent question, calling for a Welsh Government statement so we can get to the bottom of what happened.”