Cambridge University Hospital Breach Exposes Data of Cancer and Pregnancy Patients

The Cambridge University Hospital admitted they mistakenly leaked over 22,000 pregnant women and cancer patients’ private data, including their names, hospital numbers, and medical information. 

The double data breach of the Cambridge University-affiliated Addenbrooke’s Hospital disclosed the personal information of cancer patients and pregnant women. According to the university investigation, the data breach happened in 2020 and 2021. The hospital administration claimed the information was mistakenly published on a spreadsheet in response to the Freedom of Information Act (FOI). They added an unsecured database during the patient onboarding caused a breach, and they did not get any evidence that data was being accessible or shared on any platform further. The University Chief Executive, Roland Sinker, stated, “whilst there is no evidence in either case of the information being accessed or shared beyond the original recipients, we recognise that such errors are unacceptable given our clear duty to maintain the confidentiality of patient information. We want to apologise unreservedly to our patients for the worry and concern that this news may cause.” 

The hospital trust stated the information breached by the university, including names, hospital numbers, and some prescriptions, is enough to indicate who had abortions and miscarriages. This data breach urged medical insurance companies to strengthen their security so that bad actors can not use this information to disguise their real identity. Additionally, the hospital trust promises to ensure such violations don’t happen again. This entails putting in place robust security measures and routinely evaluating current guidelines and protocols. They also motivate patients to come to the office and can mail who are worried they might be affected by the data breach. Sinker stated, “given the sensitivity of the maternity information, we believe that some patients may wish to avoid any risk of family members finding out about a previously undisclosed pregnancy. It is also straightforward for this group of patients to identify themselves based on the date range above. Therefore, we have decided not to write directly to these patients.”

Letters have been issued to the impacted cancer patients since the hospital stated that it would be more difficult for them to identify themselves. Cambridge MP, Daniel Zeichner, demanded an investigation of the breach’s cause. He stated, “this a serious data breach, which should not have happened. I am pleased that once they were aware, the trust acted swiftly and responsibly, in consultation with patient groups, and put sensible measures in place to support those affected. Anyone concerned should contact the support trust. There now needs to be a full review to ensure that this cannot happen again.”

Suggested Reads: 

UK AMENDS CORPORATE ACT TO COMBAT ECONOMIC CRIMES

UK CUSTOMERS LOSSE £580M TO IDENTITY SCAMMERS IN FIRST HALF OF 2023

BANK OF ENGLAND FINES CITIGROUP £44M OVER POOR FINANCIAL INFORMATION