Eleanor MaslinEast Yorkshire and Lincolnshire
Getty ImagesThe NHS has apologised following a data breach at a company that provided wheelchairs.
NHS Humber & North Yorkshire Integrated Care Board (ICB) said NRS Healthcare experienced a “cyber security incident” on 1 April 2024, when an unauthorised third party gained access to its systems.
In June this year, the ICB, East Riding of Yorkshire Council and Hull City Council were told that service users in their areas were impacted by the breach.
On behalf of itself and the councils, the ICB said it would “like to sincerely apologise to our service users for any concern this may cause”.
NRS Healthcare has now gone into receivership after its accounts said it suffered a costly cyber attack last year and it was also understood to have been losing money on some of its contracts with councils.
NRS worked with the NHS and councils across England and Northern Ireland to supply equipment including wheelchairs and hoists to hospital beds.
The data breach in East Yorkshire impacted “personal and special category data relating to service users”, the NHS board added.
‘Distressing’
NRS reported the breach to the Information Commissioner’s Office and liaised with the National Cyber Security Centre and the police, the NHS board said.
It has been working for the past 12 months to investigate the impacted data.
The ICB said at the time of the breach it was commissioners of the service but no longer held a contract with the company.
The NHS board said: “We understand that this may be distressing for both service users and their families.”
It advised anyone who felt they were a “victim of fraudulent activity” due to the security breach to get in touch.