Confidential emails accidentally leaked on NHS project management site
An NHS Trust has leaked dozens of confidential emails online after staff failed to use the project management website Trello correctly.
The Brighton and Sussex University Hospitals NHS Trust used the site to store files and confidential emails, and accidentally made documents available for anyone to view online using Google.
There is no evidence that UK patient data has been exposed online through Trello. However the NHS’S misuse of the site suggests that staff have failed to follow basic data protection rules.
A Daily Telegraph investigation has shown that the increasingly widespread but poorly supervised use of Trello by different Whitehall departments has led to a string of embarrassing leaks of files and information by the Cabinet Office and Home Office among others.
Documents accidentally made public included internal NHS files about training procedures, emails marked “confidential and privileged” and part of a staff database.
A spokesman for the Trust said: “The Trello board you’ve identified has now been returned to ‘private’ status.
“The information on that board did not disclose patient information or confidential staff information, and was used to coordinate a complex project roll-out across a large team.
“The Trust is reviewing its IG [Information Governance] policies and intends to distribute an IG handbook to ensure that information is more ready available to staff.”