https://www.bbc.com/news/uk-wales-54146755
https://archive.is/Wp5Eg
Coronavirus: 18,000 test results published by mistake (UK)
The details of more than 18,000 people who tested positive for coronavirus were published online by mistake by Public Health Wales.
The health body said the data of 18,105 Welsh residents was viewable online for 20 hours on 30 August.
Most cases gave initials, date of birth, geographical area and sex, meaning the risk of identification was low, Public Health Wales (PHW) said.
However 1,928 people in living in communal settings were more at risk.
Nursing home residents or those living in supported housing also had the name of their place of residence published, meaning the risk, while still considered low, was higher.
The incident was the result of "individual human error" when the information was uploaded to a public server searchable by anyone using the site.
PHW said the information had been viewed 56 times before it was removed but there was no evidence so far that the data had been misused.
What is Public Health Wales doing about the data breach?
Chief executive Tracey Cooper told BBC Wales the failure was one of the "biggest data breaches" she had come across and said it "should never have happened".
Dr Cooper also said Public Health Wales could have acted more quickly in removing the information.
The person who was alerted to the breach on the evening of 30 August after the information was posted at 14:00 that day did not follow the body's serious incident reporting procedures.
The data was not removed until 09:55 the next morning.
Finding out why is part of the terms of reference of an external investigation which will be carried out by NHS Wales Informatics Service. "I think we should have taken it down quicker," she said.
…
What has the reaction been?
Welsh Conservative spokesman on health, Andrew RT Davies MS, said: "I acknowledge that the risk is considered to be 'low', but I'm not sure that that will be much comfort to the nearly 2,000 residents of care homes or other enclosed settings whose - albeit limited - information was posted along with their place of residence.
"The health minister appears to have sat on this for two weeks and done a press conference earlier today without disclosing this significant failing - and that's unacceptable."
…
Second data breach
The Information Commissioner's Office (ICO) and the Welsh Government have been informed. The ICO said it would be making inquires following the alert.
This is the second time a part of the Welsh NHS has had to refer itself to the ICO over a data breach during the pandemic.
In April, NHS Wales Informatics Services - the health service's IT arm - contacted the watchdog after 13,000 shielding letters were sent to the wrong addresses.
…