On August 30, 2020, the Public Health Wales (PHW), a private health organization, has posted accidentally of more than 18,000 patients’ information on their website. The information has been available from 2 PM until the morning of 10 AM before it was taken down. According to the report, the information was viewed publicly by 56 unknown persons as per its visitor counter gathered.
On their official released statement, Public Health Wales confirmed that no hacker is behind this breach, but they confirmed that it is an internal issue resulting from a mere human error.
The information released was explicitly for patients diagnosed positive with Covid-19, specifically residents of Wales. It was the names of patients gathered from February until August of this year. As per the report shows, out of the 18000 records, over 16000 individuals whose initials, date of birth, sex, and geographical location have been posted. For almost 2000 individual records also include the nursing care and supporting homes name and address where they have been admitted. Though this information is a personal identifier, PHW confirmed that the risk of exposure is still low. Based on their investigation’s current result, they confidently say that the leaked information has no trace yet misused for any malicious activity. They also confirmed that mitigation plans have been in place and already working out on a plan to avoid this issue again.
However, many opposition parties have condemned PHW for the accident that happened. They explicitly expressed their disappointment and laid the worst possible scenarios, including the government’s degradation of public trust in storing confidential information. Furthermore, the opposition highlighted its criticism on how PHW handles the issue as they received reports that the leaked has been discovered already in the evening. Still, its complete removal needs to wait until 10 AM of the next day.
Currently, the government of Wales is assisting PHW in facing the public’s criticism, especially the opposition. On their official announcement, they confirmed that they will not follow the action made to Public Health England in which the government abolished and create a new institution that will be the central officiating group in combatting Covid-19. Though a bit disappointed, the Wales government still has their full trust to PHW and will ensure that PHW has learned their lesson and will take full responsibility for the accident. As of now, they are also helping with mitigation plans to raise public trust again that their personal data are well secured and such reassurance that the incident will not happen again.