Hong Kong police have arrested a man working for a contractor commissioned by the Hospital Authority on suspicion of stealing the personal data of more than 50,000 patients, the South China Morning Post has learned.
The arrest came just days after the privacy watchdog and police said they were investigating a large-scale data leak involving more than 56,000 patients served by the authority, which reported the unauthorised retrieval of various information.
The SCMP has learned the man made an unauthorised entry into the concerned system and retrieved the data. His motive is under investigation.
The case did not involve blackmail or the sale of data on the dark web.
The authority on Saturday apologised to victims – patients of hospitals in Kowloon East – for the breach that compromised names, identity card numbers, genders, dates of birth, hospital visit dates and details of surgical procedures, among other information.
Its monitoring system detected suspected unauthorised retrieval of patient information and a leak on a third-party platform at around 2am on Friday, though a subsequent review of internal network systems did not indicate a cyberattack.
