UK: Croydon Health Services NHS Trust gets wrist slapped by ICO over breach

From the Information Commissioner’s Office:

An undertaking to comply with the seventh data protection principle has been signed by Croydon Health Services NHS Trust.

This follows an incident where correspondence giving the outcome of a patient complaint had been misaddressed resulting in sensitive personal data being sent to an unintended recipient.

On investigation the ICO discovered that, although the Trust had some organisational measures in place, the error had been made by a temporary bank staff employee who had not received all the appropriate training and guidance in relation to the role they were expected to fulfil; there was a lack of a formal checking procedure to ensure the accuracy of correspondence as to both address and content before dispatch; key recommendations from previous breach investigation reports in relation to similar incidents had not been implemented and were identified as being a major contributory factor in relation to this breach.

How a hacking gang held Italy’s political elites to ransom
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Iran's Critical Infrastructure
On Reports of an Alleged Data Breach Involving G-Xchange, Inc. (GCash)
Two U.K. teenagers appear in court over Transport of London cyber attack
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Toys “R” Us Canada customers notified of breach of personal information

Related: