Personal information of up to 3,200 GPs was available online in a ‘potential data breach’ being investigated by a locum bank.
A backend version of Lantum’s old website, Network Locum, had been accessible online, with affected users informed today.
The data from 2014 to 2016 comprised information required by Lantum when GP locums sign up, which could include passport details, medical documents, and home addresses.
Pulse understands there could also have been some bank details exposed via invoices.
After being alerted to the ‘potential vulnerability’, the company made the data from the old website inaccessible.
A spokesperson for Lantum said: ‘While this data may have been accessible to unauthorised individuals, there is currently no indication that data has in fact been accessed and no reason to suspect that this is the case.
‘We are, however, treating this matter as a potential data breach and will continue to liaise with any individuals who may be affected should more information be revealed by our investigations.’
Lantum, previously named Network Locum, is an online workforce management platform which connects GP practices with locums without having to go through agencies.
Lantum confirmed the data is from documents uploaded between 2014 and September 2016, at which point the company migrated to a different website as part of an upgrade.
GP locums affected by this have been advised by Lantum ‘to take precautions to protect their identity’.
A spokesperson said: ‘We would stress that since 2016, we have been operating on a completely different and highly secure platform, which conforms to the latest UK government approved and international security standards and undergoes regular testing.
‘So there are no grounds for any concern regarding security of information that has been provided to Lantum since 2016.
‘We have informed the regulator and have brought in specialist privacy and cyber consultants to investigate further and advise on any additional steps we may need to take.’
If the investigation finds that a breach did occur, meaning the data was accessed by unauthorised parties, Lantum will advise its GP locum users further.
Between 2017 and 2020, Lantum’s chief executive Melissa Morris was backed by the NHS Innovation Accelerator (NIA), which supports ‘exceptional individuals to scale promising innovations across England’s NHS’.
On the NIA website, Lantum is described as a ‘platform that uses Artificial Intelligence and Machine Learning to automate the manual processes involved in organising staff to fill clinical rotas’.
Earlier this week, NHS England reported a data breach involving GP information following a cyber-attack concerning Capita, which affected 90 organisations.
Now if these guys could kindly speak to the guys that broke into Crapita we might have a working pensions system.
The fact that the new system “conforms to the latest UK government approved and international security standards” would certainly be strong grounds for concern in my book.
perhaps the commercial licences of the server provider need considering?