Addenbrooke’s Hospital, based in Cambridge, has issued apologies after acknowledging two separate data breaches that exposed private information of more than 22,000 patients, concerning maternity and cancer cases in 2020 and 2021. Roland Sinker, the chief executive of Cambridge University Hospitals NHS Foundation Trust, revealed that these breaches had recently come to their attention. The breaches involved inadvertent release of patient information in response to Freedom of Information Act (FOI) requests.
The first breach occurred when data regarding maternity patients at The Rosie Hospital was mistakenly shared in an Excel spreadsheet as a response to an FOI request through the What Do They Know website. This exposed personal details of 22,073 patients, including names, hospital numbers, and birth outcomes. Subsequently, during a review of past FOI requests, another breach was discovered. In 2021, a spreadsheet sent as part of a FOI response to Wilmington PLC contained data related to 373 cancer patients participating in clinical trials, which included their names, hospital numbers, and some medical information. The trust expressed regret and acknowledged the errors as unacceptable, emphasizing their obligation to maintain patient data confidentiality. While no evidence suggests further dissemination of the information, the hospital has initiated guidance on its website for affected patients and refrained from direct communication due to the sensitive nature of the data. Calls for a comprehensive review to prevent future breaches have been voiced, stressing the need to fortify protocols and prevent similar occurrences in the future to protect patient privacy and security.