Cambridge University Hospitals Foundation Trust has apologised after it mistakenly released private information belonging to more than 22,000 patients in two major data breaches in 2020 and 2021.
The trust released an official statement yesterday (6 December), in which chief executive Roland Sinker explained that both breaches “were the result of mistakenly including patient information in Excel spreadsheets in response to Freedom of Information Act (FOI) requests”.
The information included the patient’s names, hospital numbers and some medical information, however Sinker confirmed that no home addresses or dates of birth were included, and no evidence has been found in either case of the information being accessed or shared any further.
The trust said the breaches happened in 2020 and 2021 but only “recently came to light”. The first breach related to maternity patients and the release of “names, hospital numbers of patients and their birth outcomes”, and the second breach related to cancer patients and included “names, hospital numbers and some medical information”.
Maternity data involving 22,073 patients booked for care at The Rosie Hospital between 2 January 2016 and 31 December 2019 was breached. In the second instance, data related to 373 cancer patients on clinical trials was breached.
“We have given careful consideration to the benefits and risks of writing to the patients affected. Given the sensitivity of the maternity information, we believe that some patients may wish to avoid any risk of family members finding out about a previously undisclosed pregnancy,” Sinker said in the statement.
“It is also straightforward for this group of patients to identify themselves based on the date range above. Therefore we have decided not to write directly to these patients.
“This is not the case for the cancer patients, for whom self-identification would be less straightforward based on the same level of information, and so we have written to these patients directly.”
The trust has set up a dedicate freephone helpline 0808 175 6331, email support and published Frequently Asked Questions for patients who believe they may be affected.
Daniel Zeichner, MP for Cambridge, added: “This is a serious data breach, which should not have happened. I am pleased that once they were aware, the Trust has acted swiftly and responsibly, in consultation with patient groups, and has put in place sensible measures to support those affected.
“Anyone concerned should contact the trust for support. There now needs to be a full review to ensure that this cannot happen again.”
Recently, Somerset NHS Foundation Trust has begun to contact patients who have been affected by a data breach at Musgrove Park Hospital.