The breach may be relevant to pharmacists that have ever worked for or provided locum services to Well (or a predecessor company) since at least as far back as 2003. Each affected pharmacist may be entitled to compensation, possibly ranging from hundreds to the low thousands of pounds, depending on individual circumstances and facts.
“Well has informed us that the email was sent to 1,050 people, of whom 376 were potentially able to access the spreadsheet,” said Mark Pitt, PDA Director of Defence Services. “We are looking into this claim on behalf of our members and have informed them of what we now know about the breach, what we’re doing to help members and what action they can take.”
The spreadsheet contained 24,099 rows of data, with one person per row. There were 68 columns of data, with an average of 28 columns completed per person. The data in the spreadsheet included names, address, phone numbers, email addresses and payroll numbers.
The data in the spreadsheet also included, amongst other things:
- Locum hourly rates (including premium rates, Saturday rates and holiday rates)
- Whether or not the pharmacist will work with an ACT, the distance they’re willing to travel and what services they can provide
- A column entitled “Reason for Inactivation” including almost 6,000 entries, which could potentially have the unintended consequence of amounting to a “blacklist” of individuals. This is denied by Well, who say that at no time has it ever operated a “blacklist” or would ever consider such improper practice.
- 34 different “Reasons for Inactivation” for individuals, which it appears could be selected from a defined list. The reasons used include the following:
- Being Investigated speak to PST
- Business Risk
- Ex-employee – dismissed
- Health Concerns
- Maternity leave
- Branch feedback
- RDM feedback
- Inappropriate behaviour [it is not known what this is based on]
- Fitness to Practice Issue [Well has stated this was captured from the GPhC website]
- Datix feedback
- Don’t use in busy branches
- Payment Rates/Overclaiming
- Unreliable Locum (ORPD)
- Details of whether a person is a key holder, has CRB clearance, or has religious requirements (Yes or No fields)
- A free type comment field including comments made about 500 of the people on the spreadsheet.
It is unclear why such sensitive data was held in this easily-shared format rather than in a restricted corporate database. Well have said this was shared due to a human error.
Well has advised the PDA that it has sent an email to those with a valid email address. Well also advised that it has used the services of a secure external mailing house to validate addresses and send letters to everyone else affected.
PDA members that would like to be part of the claim have been invited to complete this short survey to notify the PDA that they wish to be included in any collective action. This is a free PDA member benefit. FAQs can be found here.
Pharmacists that are not yet PDA members are also encouraged to join the PDA and get further help and support.