Major data breach at Limerick hospital under investigation

More than 600 patients are being contacted after the hospital became aware of the alleged breach on May 29.
Major data breach at Limerick hospital under investigation

University Hospital Limerick, which is contacting more than 600 patients following an alleged major data breach concerning patient data. File Picture.

University Hospital Limerick (UHL) is in the process of contacting more than 600 patients following an alleged major data breach concerning patient data, including details of 95 children, which was then posted on social media.

Gardaí have also been informed of the alleged breach by a non-HSE employee.

It’s alleged the patient data, including patient names, dates of birth, and medicines dispensed, was extracted from a computer system relating to patients who attended at the emergency department (ED) at UHL last April.

“We are writing to 630 patients concerning a breach of patient data at University Hospital Limerick. This relates to patients who attended the Emergency Department at UHL between April 18 and April 22 last,” said a UHL spokesman, who confirmed 95 of the people affected are children.

“The data in question was extracted from an automated system used in the ED to dispense medication safely. It was extracted, without HSE knowledge or approval, by an employee of a company which was then supporting this system; and not by any employee of the HSE.

This information was published online in the form of a file linked from a Twitter account. This file contained personal data which included patients’ names, date of birth and the names of medications dispensed while they were in the ED.

The spokesman added “the medications were for the most part those you would expect to be dispensed in an emergency department (i.e painkillers and antibiotics)”.

The hospital became aware of the alleged breach on May 29.

“Immediate actions were taken by the HSE and by UL Hospitals Group to protect patient data. Twitter blocked the link to the data and disabled the account in question,” the spokesman explained.

Gardaí and the Data Protection Commission were also immediately notified and the HSE obtained a High Court Order on June 5 “restraining the individual concerned from communicating confidential information”.

The UHL spokesman said the hospital was “only now writing to patients as it has taken some time for UL Hospitals Group and the HSE to understand the nature and extent of the breach”.

They believe the data "has not been widely shared" due to the type of file which was posted online, which would have "taken a degree of technical knowledge to rebuild and make sense of". 

The spokesman said that while the hospital “have to date received no inquiries from any party who has accessed patient details online” they were in the process of advising the 630 patients “that there remains a residual risk of future unauthorised disclosure, in spite of the High Court injunction that remains in place to restrain the individual from further sharing data”.

UHL has “apologised” to patients involved “for any distress this will cause” and is including details of a helpline in the letters sent to the patients.

According to a report in the Limerick Leader the data breach involved a “rogue non-HSE employee”.

UL Hospitals Group explained it “had all the necessary data processing arrangements in place with the third party processor to protect the security of the data which was being processed”.

“A data processing agreement” and “a data sharing agreement” was in place between the HSE and the company as well as “a confidentiality agreement”, the Group said.

“Unfortunately this event was caused by an intentional act by one individual.”

More in this section

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day. PS ... We would love to hear your feedback on the section right HERE.

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day. PS ... We would love to hear your feedback on the section right HERE.

logo podcast

War of Independence Podcast

A special four-part series hosted by Mick Clifford

Available on
www.irishexaminer.com/podcasts

IE logo

Commemorating 100 years since the War of Independence

IE_logo_newsletters

Select your favourite newsletters and get the best of Irish Examiner delivered to your inbox

LOTTO RESULTS

Saturday, November 27, 2021

  • 1
  • 5
  • 15
  • 23
  • 39
  • 47
  • 30

Full Lotto draw results »