University of Hong Kong’s medicine department ‘sorry’ for patient data breach

Hong Kong’s top medical school has expressed its “deepest apologies” after a laptop computer containing the personal data of more than 3,600 patients was suspected to have been stolen, causing a massive data breach.

A police investigation was under way after the laptop belonging to the University of Hong Kong’s Li Ka Shing Faculty of Medicine went missing from its office at Queen Mary Hospital in Pok Fu Lam on Thursday.

An initial assessment revealed that the personal information of 3,675 patients including their names, Hong Kong identity card and telephone numbers, diagnoses and medication list could have ended up in the wrong hands, although data for 901 of those patients was encrypted. According to a statement by the department, a person can log into the system only by using a registered username and password.

The department stressed that it would fully support the police investigation, and that measures had been taken to strengthen security. Staff members have also been asked to reset their user passwords, and ensure personal data in electronic storage was well-protected. It did not specify if anyone would face disciplinary action.

The Office of the Privacy Commissioner for Personal Data was also notified of the incident.