Data breach at HA anesthesiology dept at United Christian Hospital
發佈日期: 2026-04-04 20:46
TVB News
The Hospital Authority has reported a suspected patient data leakage case that involves the information of more than 56,000 patients.
The HA suspects the incident could be medical identity theft. The Hospital Authority's routine monitoring system detected the suspected data breach at around 2 am on Friday.
In a statement, the HA said the incident involves leaking the data of more than 56,000 patients from the Kowloon East Cluster, including their names, gender, ID card numbers and details of hospital procedures.
Separately, Libby Lee, Chief Executive of the HA, said the leaked data also contains information of some staff from the cluster.
Lee said no evidence has shown that the incident is linked to a cybersecurity attack.
On social media, an account that tracks cybercrime claims attackers have uploaded the stolen data onto the dark web.
While the HA has reported the matter to the Police and the Office of the Privacy Commissioner for Personal Data, a cybersecurity analyst said authorities should conduct more solid configuration monitoring work given that hospitals have a critical business nature.
Cyber Security Analyst Anthony Lai said: "It should not be done once when the project starts. They need to keep more ongoing monitoring on those configuration changes, or even those alert, or (when) authentication is suddenly missed out or disabled."
Former lawmaker Michael Tien claims the anesthesiology department of the United Christian Hospital is the victim of this data breach incident.
Tien said the breach happened after the hospital had asked its cybersecurity contractor to upgrade the system on Wednesday.
He questioned whether the Digital Policy Office had taken part in monitoring the process.
