A data breach has been uncovered at the National Childbirth Trust (NCT) this week, with over 15,000 new and expectant parents’ details compromised.
The London-based charity has apologised to its users and has informed them that their email addresses, usernames and an encrypted version of their passwords had been exposed in the data leak. It has assured members that no sensitive or financial information was accessed.
The hack, which targeted the NCT’s registration database, has since been reported to the police and the UK’s data watchdog, the Information Commissioner’s Office (ICO).
While the password data was encrypted, in a letter to affected parents, NCT CEO Nick Wilkie advised members to change their passwords as a precaution ‘as soon as possible for other accounts or registrations that use these details.’
On Wednesday, the organisation tweeted: “Our website is back online but there may be some further disruptions today. If you have any problems, please try again later.”
The NCT hack comes at a time when healthcare organisations are coming under increased threat from cyberattackers looking to steal sensitive user records containing valuable data that they can sell in underground markets.
In March a Florida-based cancer clinic company, called 21st Century Oncology Holdings, notified its 2.2 million patients and employees that a malicious third party had accessed their personal information, including names, social security numbers, diagnosis and treatment details, as well as insurance information.
One of the biggest breaches in the healthcare sector hit U.S. health insurance firm Anthem last year, in which 80 million records were stolen. The hack directly targeted Anthem’s computer network and leaked personal data including customer names, dates of birth, medical ID numbers, social security information, as well as home addresses and salary information. A further attack on Washington-based health insurer CareFirst followed shortly after the Anthem hack, in May 2015. In this incident, 1.1 million client records were breached.