You may have read about a data breach involving many records, including medical files, held by a company called Stor-a-file. Stor-a-file provides electronic data storage for a wide variety of organisations, including healthcare providers. BPAS is one of Stor-a-file’s clients, and a small number of files obtained when Stor-a-file was subject to a cyber incident earlier this year related to women who had been treated at BPAS between 2013 and 2016. We have already reached out to women affected using the details they gave us when they were treated with us.
In total, files belonging to six women who had been treated at BPAS were obtained alongside a large number of other records from Stor-a-file. The breached data in its entirety was put on the so-called “dark web”, a part of the internet that is only accessible with specialist software. The documents cannot be found with a regular search engine and we have been advised by the National Crime Agency that it is extremely unlikely this data will emerge on the open internet. No other files belonging to any other client have been affected. Nevertheless if you are concerned or have questions please send us a message with your name and phone number at email@example.com and we will respond as quickly as we can.
The records in question were scans of documents that had been sent by Stor-a-file when BPAS had received a request for client files held in storage, and Stor-a-file sent us a copy. These copies are now deleted by Stor-a-file within 72 hours of BPAS confirming receipt.
Our priority is always the wellbeing of our clients, and we know privacy and confidentiality is paramount. We are in contact with the Information Commissioner’s Officer (ICO) and the relevant crime agencies following this incident.