London council warns residents’ data may have been compromised by cyber attack

296
Guildhall
Image credit LDRS

A London council has warned residents their personal data may have been compromised after a healthcare provider was hit by a cyber attack.

The City of London Corporation said it is working with NRS Healthcare to understand the extent of the breach, and will be in contact with any residents whose information has been taken.

The Corporation has advised residents to be cautious when opening emails, not to click on any links or documents unless certain they are genuine, and to be careful about text messages, phone calls and home visits.

A spokesperson for NRS Healthcare told the Local Democracy Reporting Service (LDRS) it is reviewing the affected data ‘as a matter of urgency’, though that the process will take time.

According to the City of London website, NRS Healthcare “is one of the largest providers of aids to daily living, medical devices, therapy equipment, wheelchairs, continence products and Technology Enabled Care to adults and children who are social care clients and/or in receipt of healthcare services.”

NOW READ: Sadiq Khan accused of allowing Tories to ‘dictate’ pay-per-mile policy

The provider was hit by the cyber attack at the start of April. NRS Healthcare said it reported the cyber attack to the Information Commissioner’s Office (ICO) within the requisite 72-hour period, with the watchdog confirming to the LDRS it is ‘making enquiries’ into the incident.

The City of London said it is currently unsure as to how many, if any, residents have been affected by the attack.

It said it knows of 235 residents in the City whose information is held by NRS Healthcare, though that there is the potential for others who have purchased services privately to also be compromised.

A spokesperson for the Corporation said: “We have been notified that NRS Healthcare, one of our suppliers of health and care products, has suffered a cyber-attack and personal data has been breached. This has impacted local authorities and Health Providers across the country. We are working with NRS Healthcare to understand the extent of the breach and will contact affected users directly if their information has been taken.

“At this time, it is not clear what personal data has been taken in this incident but we are asking residents to be extra-cautious when opening emails. Don’t click on any links or documents unless you are sure they are genuine. And be especially careful about text messages, phone calls and home visits from people, especially those you are not expecting.

“We have set up a dedicated web page on our website, and if residents are concerned they can email our Adult Social Care Team at [email protected] or call 020 7332 1224.”

A spokesperson for NRS Healthcare apologised to those impacted, and said it swiftly appointed external experts to investigate what had happened soon after the incident. It has since worked to minimise disruption for users and restore functionality.

They added: “Simultaneously, external experts have been monitoring online sources for any mention of NRS Healthcare and/or its data. Unfortunately, a post has been identified which names the company and includes some data taken from its systems.

“Our experts are conducting a thorough review of the affected data as a matter of urgency. This is a complex process which will take time. At this stage, it is understood that the affected data relates only to an internal part of the Company’s network and is not from core customer systems; however, the possibility cannot be ruled out that elements of data including information related to customers could have been copied to the internal part of the network.”

An ICO spokesperson said: “We have received a breach report from Nottingham Rehab Limited, trading as NRS Healthcare, and are making enquiries.”

For the latest headlines from the City of London and beyond, follow City Matters on TwitterInstagram and LinkedIn.