NHS England has reported a data breach to the Information Commissioners’ Office following the recent cyber incident involving Capita, who informed NHS England that a document containing limited optometry information for two patients was accessed. Capita has written to the two individuals to notify them and offer support.
Capita also informed us that two files containing names and NHS numbers of deceased and de-registered patients were accessed. The files identified archived records that related to individuals who had died more than 10 years ago or who have not been registered with a GP in England for more than 10 years. No health data or other patient data was included in the lists or accessed as a result of the incident.
An independent cyber security expert, appointed by Capita, has not found any evidence that the information has been made available more widely.