Hong Kong’s privacy watchdog and police are investigating a large-scale data leak involving over 56,000 patients served by the Hospital Authority, which reported the unauthorised retrieval of a variety of information.
The authority on Saturday apologised to affected victims – patients of hospitals in Kowloon East – for the breach that compromised their names, identity card numbers, genders, dates of birth, dates of hospital visits and details of surgical procedures, among other information.
The authority’s monitoring system detected a suspected unauthorised retrieval of patient information and a leak on a third-party platform at around 2am on Friday, although a subsequent review of its internal network systems did not indicate a cyberattack.
“[The authority] has conducted a thorough review of its internal network systems upon discovering the incident, confirming that the systems are operating normally and securely, with no indication of a cyberattack or similar factors. The authority immediately suspended the contractor’s system maintenance work,” it said.
It promptly reported the breach to the Office of the Privacy Commissioner for Personal Data and police, and said it would fully cooperate with their investigations.
The authority would notify affected patients through various channels, including its “HA Go” mobile application, letters and phone calls as soon as possible. It said residents could also call a dedicated hotline that had been set up if they had inquiries.
