Hong Kong’s Hospital Authority apologised on Saturday for a data breach affecting more than 56,000 patients from Kowloon East hospitals. The privacy watchdog and police are investigating after unauthorised retrieval of patient data was detected around 2am on Friday.
Hong Kong’s Hospital Authority apologised on Saturday to more than 56,000 patients from Kowloon East hospitals after a data breach compromised their personal information. The leaked data included names, identity card numbers, genders, dates of birth, hospital visit dates and details of surgical procedures.
The authority’s monitoring system detected suspected unauthorised retrieval of patient information and a leak on a third-party platform at around 2am on Friday. A subsequent review of internal network systems found no indication of a cyberattack, with operations normal and secure. The authority stated: “[The authority] has conducted a thorough review of its internal network systems upon discovering the incident, confirming that the systems are operating normally and securely, with no indication of a cyberattack or similar factors. The authority immediately suspended the contractor’s system maintenance work.”
It promptly reported the breach to the Office of the Privacy Commissioner for Personal Data and police, including the Cyber Security and Technology Crime Bureau, pledging full cooperation with investigations.
Affected patients will be notified via the HA Go mobile app, letters and phone calls as soon as possible, with a dedicated hotline available for inquiries.