Gloucestershire Health and Care- NHS Trust logo
with you, for you
Responses > Data Breaches and Security Incidents

Freedom of Information request Data Breaches and Security Incidents

Response published: 24 September 2025
IT

FOI Request

I am writing under the Freedom of Information Act 2000 to request the following information; 1) Has your organisation been notified of any data breach or security incident in the last 3 years involving systems built upon or integrated with Salesforce? 2) Has your organisation experienced, or been informed of, any incidents relating to procurement or contract management systems that operate using Salesforce, namely the Atamis e-Procurement suite of software? Please provide details of; • The date the incident occurred • The nature of the compromised data (such as commercial, personal, financial) • If the breach was reported to the Information Commissioner’s Office • Any remedial action taken by your organisation 3) Further to this, has your organisation undertaken any risk assessments in relation to the use of systems integrated with Salesforce. If so, please provide a summary of the findings.

FOI Response

Freedom of Information Request – Ref: FOI 244-2025

Thank you for your recent Freedom of Information request. Please find our response below.

You asked:

1) Has your organisation been notified of any data breach or security incident in the last 3 years involving systems built upon or integrated with Salesforce?

Our response:

Yes, the Trust was notified but not affected.

You asked:

2) Has your organisation experienced, or been informed of, any incidents relating to procurement or contract management systems that operate using Salesforce, namely the Atamis e-Procurement suite of software?

Please provide details of;

• The date the incident occurred
• The nature of the compromised data (such as commercial, personal, financial)
• If the breach was reported to the Information Commissioner’s Office
• Any remedial action taken by your organisation

Our response:

No, we do not have any systems that operate using Salesforce.

You asked:

3) Further to this, has your organisation undertaken any risk assessments in relation to the use of systems integrated with Salesforce. If so, please provide a summary of the findings.

Our response:

No, we do not have any systems integrated with Salesforce

Next steps:

Should you have any queries in relation to our response, please do not hesitate to contact us. If you are unhappy with the response you have received in relation to your request and wish to ask us to review our response, you should write to:

Louise Moss
Head of Legal Services / Associate Director of Corporate Governance
c/o Gloucestershire Health and Care NHS Foundation Trust
Edward Jenner Court
1010 Pioneer Avenue
Gloucester Business Park
Brockworth, GL3 4AW
E-mail: louise.moss@ghc.nhs.uk

If you are not content with the outcome of any review, you may apply directly to the Information Commissioner’s Office (ICO) for further advice/guidance. Generally, the ICO will not consider your case unless you have exhausted your enquiries with the Trust which should include considering the use of the Trust’s formal complaints procedure. The ICO can be contacted at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.