A hacker has stolen the personal details of thousands of Welsh NHS medical staff following an attack on a server operated by the service's IT contractor Landauer.
NHS Wales said not every staff member was impacted in the same way since a different combination of data was held on each staffer.
Over 500 people working at Velindre NHS Trust and 654 at Betsi Cadwaladr University Health Board were victimised.
Hackers made off with information including names, birthdates, national insurance numbers, and radiation doses.
The Welsh NHS called the data breach “deeply disappointing”. Staff members were reportedly told of the incident in early March even though it first occurred in October last year.
Landauer told Velindre Hospital of the breach January 4.
“We are writing to inform you of a recent data security attack that was made on one of Landauer's UK servers. An unknown third party was able to install malware onto the server which made a copy of data," it said.
Andrea Hague, director at the Velindre NHS Trust, said the delay in notification was due to “ongoing discussions with the host company”.
Velindre NHS Trust is carrying out a full investigation and working with Landauer to prevent any future breaches, it said.
A spokesman for Betsi Cadwaladr health board said no patient information had been affected.
“We have contacted all the staff to reassure them that Landauer has acted swiftly to secure its servers and that, since the attack, it has undertaken significant measures in connection with its UK IT network to ensure that no further information can be compromised," the spokesperson said.