Addenbrooke's Data Leak Exposes Pregnant Women and Cancer Patients’ Data
A hospital trust has acknowledged that over 22,000 pregnant women and cancer patients had their private medical information accidentally displayed online.
According to the statement, Addenbrooke's Hospital in Cambridge suffered a twofold data breach that exposed the names, hospital numbers, and some medical details on the results of births.
The hospital inadvertently disclosed the information in Excel spreadsheets as a response to Freedom of Information Act (FOI) requests in 2020 and 2021.
The hospital expressed regret, but said that its records did not contain patients' home addresses or dates of birth, and that they had not discovered any indication of additional access or sharing of this information in either instance.
Patients scheduled for prenatal treatment at The Rosie Hospital between January 2, 2016, and December 31, 2019, were affected by the data breaches.
Upon discovery of the breach, the hospital proceeded to review past FOI replies and discovered an additional breach that had affected 373 cancer patients who were participating in clinical studies at the facility.
Chief executive Roland Sinker said: "While there is no evidence in either case of the information being accessed or shared beyond the original recipients, we recognise that such errors are unacceptable given our clear duty to maintain the confidentiality of patient information.
"We want to apologise unreservedly to our patients for the worry and concern that this news may cause."
According to the hospital, it had taken "careful consideration" into account before determining whether to notify patients of the data breach by written correspondence.
Mr Sinker added: "Given the sensitivity of the maternity information, we believe that some patients may wish to avoid any risk of family members finding out about a previously undisclosed pregnancy.
"It is also straightforward for this group of patients to identify themselves based on the date range above. Therefore we have decided not to write directly to these patients."
Letters have been issued to such individuals since the hospital said that self-identification among the afflicted cancer patients would be more challenging.
The Cambridge MP Daniel Zeichner has demanded an investigation into the breech's origins.
“This a serious data breach, which should not have happened," he said. "I am pleased that once they were aware, the trust has acted swiftly and responsibly, in consultation with patient groups, and has put in place sensible measures to support those affected."
"Anyone concerned should contact the trust for support. There now needs to be a full review to ensure that this cannot happen again.”