Hong Kong’s privacy watchdog and police are investigating a large-scale data leak involving more than 56,000 patients served by the Hospital Authority, which reported the unauthorised retrieval of a variety of information.
The authority on Saturday apologised to affected victims – patients of hospitals in Kowloon East – for the breach that compromised their names, identity card numbers, genders, dates of birth, dates of hospital visits and details of surgical procedures, among other information.
The authority’s monitoring system detected a suspected unauthorised retrieval of patient information and a leak on a third-party platform at around 2am on Friday, although a subsequent review of its internal network systems did not indicate a cyberattack.
“[The authority] has conducted a thorough review of its internal network systems upon discovering the incident, confirming that the systems are operating normally and securely, with no indication of a cyberattack or similar factors. The authority immediately suspended the contractor’s system maintenance work,” it said.
It said it promptly reported the breach to the Office of the Privacy Commissioner for Personal Data and police and would fully cooperate with their investigations.
The authority said it would notify affected patients through various channels, including its HA Go mobile application, letters and phone calls as soon as possible. It said residents could also call a dedicated hotline if they had inquiries.
