Personal data, medical history of 100,000 patients may have been leaked in cyberattack at Hong Kong group OT&P Healthcare
- Cyberattack took place within OT&P Healthcare’s management and operating system, according to group CEO Robin Green
- Green says some patients’ Hong Kong identity card and passport numbers were stored on the system
The personal data and medical history of about 100,000 patients at a Hong Kong healthcare group could have been leaked due to a cyberattack last Thursday, the operator has confirmed with the Post.
OT&P Healthcare CEO Robin Green on Monday said the cyberattack took place within the clinic’s management and operating system. “That system holds both patient identity and medical records. We have no idea … how much data was taken,” he said.
The group’s internal IT department noticed significant “system instability” on Thursday afternoon and called in a third-party experts to assess the situation, who advised that the system be taken offline immediately.
OT&P has a total of eight clinics in Central, Repulse Bay and Clear Water Bay, with about 100,000 patients.
The group said it had been informed by the experts that there had been a cyberattack, adding the system was currently under forensic examination to assess the scale of the attack.
Green said those responsible did not gain access to patients’ financial information or bank details. However, some patients’ Hong Kong identity card and passport numbers were stored on the system.
When questioned whether the attacker was able to download and save patient records and personal information, Green said: “It’s all subject to forensic examination, but right now, we don’t know. But we certainly do know that they did have access to the system.”