Cancer patients and pregnant women exposed in Addenbrooke's Hospital data breach

Anglia
Addenbrooke’s Hospital
Cambridgeshire
Data breach
Wednesday 6 December 2023 at 6:13pm

Rebecca Haworth reports from Addenbrooke's Hospital for ITV News Anglia

Private medical details of more than 22,000 pregnant women and cancer patients were mistakenly shared by a hospital trust, it has admitted.

The double data breach by Addenbrooke's Hospital in Cambridge revealed patients' names, hospital numbers and some medical information about birth outcomes, it said.

The information was mistakenly published by the hospital in Excel spreadsheets in response to Freedom of Information Act (FOI) requests in 2020 and 2021.

The hospital has apologised but said no home addresses or dates of birth were included, and it had found no evidence in either case of the information being accessed or shared any further.

The first data breach concerned 22,073 patients who were booked for maternity care at the Rosie Hospital between 2 January 2016 and 31 December 2019, which was published on the What Do They Know website.

Once the breach had been detected, the hospital checked previous FOI responses and found a second breach which affected 373 cancer patients taking part in clinical trials at the hospital. That information was shared with a company which had made an FOI application.

Chief executive Roland Sinker said: "While there is no evidence in either case of the information being accessed or shared beyond the original recipients, we recognise that such errors are unacceptable given our clear duty to maintain the confidentiality of patient information.

"We want to apologise unreservedly to our patients for the worry and concern that this news may cause."

The hospital said it had given "careful consideration" when deciding whether to write to patients or not to inform them of the data breach.

Mr Sinker said: "Given the sensitivity of the maternity information, we believe that some patients may wish to avoid any risk of family members finding out about a previously undisclosed pregnancy.

"It is also straightforward for this group of patients to identify themselves based on the date range above. Therefore we have decided not to write directly to these patients."

The hospital said self-identification among the affected cancer patients would be more difficult, so letters have been sent to those people.

Daniel Zeichner, MP for Cambridge, called for a review into how the breach happened.

“This a serious data breach, which should not have happened," he said.

"I am pleased that once they were aware, the trust has acted swiftly and responsibly, in consultation with patient groups, and has put in place sensible measures to support those affected.

"Anyone concerned should contact the trust for support. There now needs to be a full review to ensure that this cannot happen again.”

The trust has set up a freephone helpline on 0808 175 6331 and email address cuh.datahelpline@nhs.net for patients who are worried that they may have been affected by the data breach.

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know