The NHS has apologised after a major data breach at wheelchair and equipment supplier NRS Healthcare exposed sensitive patient information.
NHS Humber & North Yorkshire Integrated Care Board (ICB) confirmed that NRS Healthcare suffered a **cyber security incident** on 1 April 2024, when an unauthorised third party gained access to its systems.
By June, the ICB, East Riding of Yorkshire Council and Hull City Council were informed that service users in their areas had been affected. In a joint statement, the ICB said it would “like to sincerely apologise to our service users for any concern this may cause”.
The cyber attack compromised “personal and special category data relating to service users” in East Yorkshire, the NHS board revealed.
NRS Healthcare, which supplied wheelchairs, hospital beds, hoists and other medical equipment across England and Northern Ireland, has since entered receivership. The company cited both financial losses on council contracts and the costly cyber attack as key reasons for its collapse.
The ICB noted that it was commissioning the service at the time of the breach but no longer holds a contract with the company. It added: “We understand that this may be distressing for both service users and their families.”
NRS Healthcare reported the breach to the Information Commissioner’s Office and has been working alongside the National Cyber Security Centre and the police. For the past year, it has been carrying out investigations to identify the scale of the compromised data.
The ICB has urged patients to remain vigilant, advising anyone who believes they may be a “victim of fraudulent activity” as a result of the breach to come forward.
