Home > News > Notice of data breach

Notice of data breach

You may have heard reports recently about a security issue involving Evide Impact Limited (‘Evide’). We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you.

What is Evide?

Evide is an online database controlled by Evide Impact Limited which Healthworks captures and reports on personal and demographic data to monitor and demonstrate impact of a range of intervention services.

What happened? (Statement from Evide Impact Limited)

“On 29 March 2023, Evide became aware of an incident whereby unusual traffic was detected on its network. Evide’s clients informed us that there was a message on our database that a server could not be found and we noticed that some servers had been deleted. Upon discovery of the suspicious activity, the affected servers and systems were immediately taken offline. We have been informed by the cyber-security specialists that in the course of the cyber security incident an unauthorised third party gained access to our IT systems. The unauthorised party has since made direct contact with us and provided some evidence that it has exfiltrated our clients’ data. Whilst we cannot guarantee that all client data has been exfiltrated at this stage, we are operating on the assumption that all of our clients’ data has been exfiltrated from our systems.”

What information was involved?

The data accessed may have included personal information such as; Full names, Address, contact numbers, email address, date of births and ethnicity. To our knowledge, the data accessed did not include any sensitive health information.

What we are doing?

As a precaution, we invalidated passwords of all User accounts and forced reset. In addition, we continue to use automated tools to attempt to identify and block any unwanted activity that might occur on our account. We are also actively working closely with the Information Commissioners Office (ICO).

Healthworks values your privacy and deeply regrets the occurrence of this incident. The Data Controller (Evide Impact Limited) are conducting a thorough review of those potentially affected with support from cyber security specialists and law enforcement; they will provide further information as the investigation progresses. We will notify you if there are any significant developments.

What you can do

We have several dedicated teams working diligently to ensure that the information members entrust to Healthworks remains secure. Please see the personal information toolkit booklet from ICO, for further information on steps you can take to protect your information https://ico.org.uk/media/1042838/personal_information_toolkit.pdf.

For more information:  if you have any questions, please feel free to contact our Data Protection team at [email protected] or call 0191 272 4244.