RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

Cambridge University Hospitals (CUH)

Company

Content

Owners

History

2023: Data breach of more than 22,000 patients

More than 22,000 hospital patients Cambridge University (Cambridge University Hospitals NHS Foundation Trust) were targeted data breaches between 2020 and 2021. In both cases, the organization itself referred, data responding to requests made under information the Freedom of Information Act (FOIA) of 2000. Confidential information remained visible in spreadsheet summary tables. Excel This became known on December 8, 2023.

Most of the patients whose data were made public (22,073) were patients in the maternity ward of The Rosie Hospital at Addenbrooke's Hospital. Disclosures included names and medical details of birth outcomes and birth dates.

The patients, booked in for an appointment at Rosie Hospital between 2 January 2016 and 31 December 2019, were affected by the leak, which was published on the WhatDoTheyKnow website, which allows citizens to make FOIA-based inquiries to UK authorities. The site deleted the data after learning of its disclosure. The data was available on WhatDoTheyKnow from November 18, 2020 to November 1, 2023.

The Freedom of Information (FOIA) request itself contained information on a number of issues, including the number of pregnant women, rates of premature birth and infant mortality.

An additional case of data breach was also found in 373 patients participating in clinical trials cancer in 2021. In this case, the information was provided to Wilmington PLC, a private company that owns brands in the publishing, information and training sectors, focusing on compliance, jurisprudence and. to health care

The NHS Foundation Trust has sent a letter to Wilmington PLC asking it to remove the transmitted data. The FoI request sought details related to the treatment of patients with specific cancer types within the last 6 months from the time the request was submitted.

The Hospital Authority has audited all FOI requests over the past 10 years (about 8,000 responses) and has increased oversight of the FOI process by banning the use of Excel spreadsheets in responses. The Information Commissioner's Office (ICO) was informed of the incidents, and the NHS cyber security service gave assurances that the data was not available online.

The Hospital Authority acknowledged that such errors were unacceptable, given the institution's duty to keep patient information confidential, and apologised to patients for the concern the report may have caused. Affected patients can receive support through a free phone or email, information about which is available on the hospital website.

The Freedom of Information Act has previously caused data breaches. So, in 2011, the British Regional Council of Dumfries and Galloway mistakenly published personal information about 900 real and former employees. The publication of the information was a response to one of the requests made as part of an investigation related to the use of the Freedom of Information Act.[1].

Notes