Scribd

Posted by: Sarah - Posted on:

A message from NHSE:

  • We’ve been made aware of an online platform called Scribd which allows users to upload documents which are visible to the public. On the platform there are a number of NHS patient documents such as appointment letters, many including personal and sensitive information.
  • We do not have evidence that these documents have been uploaded as the result of a personal data breach
  • The platform may be being used by patients to upload these documents themselves
  • We have not found anything on the platform which would not be accessible to the patient themselves
  • In many cases the uploading username appears to align with the name on the document
  • We are aware that this is being highlighted as a potential data breach
  • We are encouraging organisations to investigate any reports from individuals that their data is on Scribd when they have not uploaded it themselves.
  • You can reach out to Scribd to request removal of information if you suspect it has been uploaded as the result of a breach, and should report this in line with usual practice. See our guidance on personal data breaches here:
    Personal data breaches and related incidents – NHS Transformation Directorate