Thank you for the question. The servers were provided by a third-party company named Landauer. They informed Velindre NHS Trust on 17 January 2017 that they had been subject to cybersecurity attack on 6 October 2016 and that staff information had been accessed. Landauer has confirmed that the breach occurred on its UK servers at its headquarters in Oxfordshire, and full details of the incident were provided to Velindre by Landauer on 26 January 2017.