Hong Kong police have arrested an employee of a systems maintenance contractor hired by the Hospital Authority on suspicion of stealing the personal data of more than 56,000 patients and 1,000 staff members.
The arrest of a 30-year-old local man came just days after the authority reported on Saturday a suspected data leak involving patients in the Kowloon East group of hospitals on a third‑party platform, with police and the privacy watchdog investigating.
Police revealed on Wednesday that more than 1,000 authority employees were also affected as well as over 56,000 patients.
The information was found to be available for download on an online forum. It was still online on Wednesday night, the South China Morning Post learned.
The authority on Saturday apologised to victims – patients of hospitals in Kowloon East – for the breach that compromised names, identity card numbers, genders, dates of birth, hospital visit dates and details of surgical procedures, among other information.
It said on Wednesday that its preliminary findings showed that the leaked data involved only United Christian Hospital in Kwun Tong, with no other facilities in Kowloon East affected.
