Incident Details
The hospital trust expressed regret for the disclosure of confidential data belonging to over 22,000 patients in two separate incidents. The incidents, which occurred in 2020 and 2021, impacted individuals receiving maternity and cancer care at Addenbrooke’s Hospital in Cambridge. Roland Sinker, the CEO of Cambridge University Hospitals NHS Foundation Trust, acknowledged that these breaches were only discovered recently. Both incidents occurred due to inadvertent inclusion of patient data in Excel files while handling requests under the Freedom of Information Act (FOI).
Incident
How Did the Breach Happen?
Patient information was inadvertently integrated into Excel spreadsheets that were disclosed to fulfill requests under the Freedom of Information Act (FOI), leading to the breaches.
What Data has been Compromised?
The data breach involved personal details such as names, hospital numbers, certain medical records, and references to women who underwent terminations or miscarriages. The compromised information did not contain any home addresses or dates of birth.
Why Did the company's Security Measures Fail?
The security protocols were compromised as patient data was mistakenly included in the Excel files that were disclosed in response to Freedom of Information inquiries.
What Immediate Impact Did the Breach Have on the company?
The incident resulted in a breach of patient confidentiality and a erosion of trust. The hospital issued an apology for the breach and conveyed their unease regarding the potential distress it could inflict upon patients.
How could this have been prevented?
In order to avoid this security breach, the hospital trust should have utilized more robust data protection methods, like ensuring a thorough verification and assessment of the data shared in response to FOI requests.
What have we learned from this data breach?
The significance of safeguarding and correctly managing sensitive patient data is underscored by this breach. This incident underscores the necessity of thorough evaluations and strategies to avert similar occurrences moving forward.
Summary of Coverage
In 2020 and 2021, Addenbrooke’s Hospital encountered two incidents of unauthorized data disclosure, affecting over 22,000 patients' confidential information. These breaches were caused by the inadvertent incorporation of patient data in Excel files shared in response to Freedom of Information (FOI) inquiries. The compromised data contained patients' names, hospital ID numbers, and certain medical details. The hospital administration expressed regret for these incidents and recognized the importance of enhancing security protocols to safeguard the privacy of patient records.