Junior doctors working at St Helens and Knowsley Hospitals NHS Trust have had their personal details inadvertently revealed online following the careless publication of an internal spreadsheet.
The Trust runs a number of hospitals in Merseyside, Cheshire and Lancashire.
The phone numbers, email addresses, National Insurance numbers and home addresses of about 500 trainee doctors were posted on a spreadsheet linked to the website of the Trust, which runs St Helens and Whiston hospitals.
So many staff were affected because the list contained the details of all specialist trainee doctors across the North West who have been on the Health Education England scheme - all of whom, technically, have been on the Trust's payroll since 2013 (a move that was, ironically, meant to save the hospitals money on admin costs).
One of the affected doctors told the Health Service Journal: "I'm glad the Trust acted so quickly [to remove the data,] but this should never have been loaded onto the website in the first place. It has left all of us potentially at risk of identity theft or fraud or worse. It's pretty shocking."
The Information Commissioner's Office (ICO) has been informed and will no doubt be in touch with the Trust very shortly.
Matt Lock, director of sales engineers at Varonis, told V3: "The loss of personal information is becoming commonplace.
"It's important for companies to secure their data, educate their employees and contractors to ensure they have good cyber hygiene and take the steps to automate the prevention of human error - in this case preventing inappropriate access to personal information and incorporating utilities to prevent the exposure.
"Exposed personal data can be a huge vulnerability - not only an abuse of personal data privacy, but can be leveraged to breach more secure systems and put critical data at risk."
We're not sure that automation would remove the risk, because robots need to be programmed by competent IT managers - and it's looking less and less like the NHS has too many available.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all