We are contacting you to let you know that a system we use to store encrypted scanned files, called PracticeHub, has been compromised and a number of documents were deleted. Whilst 100% of the documents were encrypted with a gold standard encryption protocol, there is a small possibility they may have been accessed by a 3rd party.
This was NOT a targeted approach on PracticeHub or Willow, but rather a ‘carpet bomb’ of a number of software companies who use ’S3 data servers’. The issue was quickly resolved, the security breach was fixed immediately, plus additional steps have been taken to increase security and we are working with the Information Commissioner to help their wider investigations.
The majority of your personal data is held on a separate server and therefore that information remains secure and unaffected.
We do not hold any personal financial information on PracticeHub.
The files were encrypted and we have been assured that the encryption is the highest level available.
Whilst we are grateful that the breach was quickly identified and resolved, we are very sorry that this happened.
We and our chosen software services take security very seriously and continue to invest in the highest standard of security in all our systems to protect your personal information and are taking all necessary steps to safeguard your privacy.
More information is contained in the FAQ section below. Please do get in touch with us 0117 313 3355 or firstname.lastname@example.org if you have any other questions.
What information was involved?
The server in question is used to store encrypted scanned documents, for example, forms that you may have filled out as part of your care or diagnostic imaging. These files are encrypted when they are uploaded and when they are stored using the highest level 2048-bit encryption protocols.
No financial information was in any of the affected files.
As a regulated healthcare provider we are obliged to keep information for eight years.
Is the issue resolved?
Yes. PracticeHub are experts and immediately identified the problem, took steps to resolve the security breach and are in the process of restoring the deleted files.
Additionally we are reviewing all our internal security protocols and our software provider is doing the same. We have taken all the necessary steps and will continue to review and enhance our systems wherever possible.
What should I do?
We are working with the Information Commissioner's Office to assist them with the wider investigation and so there is no action necessary to advise the authorities. If you are concerned or have more questions, please get in touch with our dedicated team:
0117 313 3355
We encourage you to be extra vigilant about your personal data. Never give personal information to someone you don’t know over the phone, online or via text message. Neither Willow nor Practice Hub will call or text you asking for personal information and so if you receive any such contact, hang up and call us on the usual number.
If you would like more information on data breaches we recommend https://ico.org.uk/
If you would like to raise a complaint about any aspect of our service including this data breach, please e-mail email@example.com and we will do everything we can to answer your questions. If we are unable to resolve your concerns through our own escalation process we will escalate the matter to the relevant regulatory body.
0117 313 3355
©2021. All rights reserved