Data breach at Landauer exposes radiographers’ personal details

Published: 14 February 2017 Ezine

The Information Commissioner’s Office is investigating an incident that is believed to have compromised the details of thousands of health and medical professionals at radiation monitoring provider, Landauer.

Employers who use the company for dosimetry monitoring have received lists of staff who had personal information stolen from Landauer’s database by an unknown party.

The data lost is understood to include:

  • Individual’s names
  • Radiation dose
  • Dates of birth, and
  • National insurance numbers

In a letter to affected staff from the HR department of Tayside NHS Board, it was stated that the “data security attack took place on 6 October 2016, however we were only notified of the incident by Landauer on 17 January 2017.”

The letter continues: “We have received assurances from Landauer that it acted swiftly to secure its servers and that, since the attack, it has undertaken significant measures in connection with its UK IT network to ensure that no further information can be compromised.”

Landauer have offered affected individuals a year’s free membership with credit monitoring company Experian, which will provide:

  • Unlimited access to a credit report
  • Credit alerting - a text or email that alerts a member of Experian of changes to their credit report
  • Access to identity theft resolution
  • For individuals at a ‘higher risk of fraud’, Experian can provide CIFAS registration (a fraud protection service) to prevent credit being applied for in their name

Landauer have been asked by the Society to provide more information about the breach and how many radiographers are affected, but they have not responded.

The Information Commissioner’s Office said, “We are aware of this incident and are making enquiries. The organisations impacted should be informing staff if they are affected.”

Richard Evans, the Society’s chief executive officer said: “Our advice to members is if you know that your employer uses Landauer’s products or services and you have not been contacted, ask if they have been notified by the company and are aware of the data breach and if you or any colleagues have been affected by it.”

If you have specific questions, contact the Information Commissioner’s Office.