Addenbrookes Hospital bosses apologise after major data breach

The private information of more than 22,000 maternity and cancer patients was released

Author: Henry WinterPublished 7th Dec 2023

Bosses at one of our region's largest hospitals, Addenbrookes, have apologised - after the trust accidentally released the private information thousands of patients

The private information of more than 22,000 maternity and cancer patients was released in 2020 and 2001.

The details - which were mistakenly shared in response to Freedom of Information Requests - included names, hospital numbers and some medical data.

Cambridge University Hospitals NHS Foundation Trust’s Chief Executive, Roland Sinker said:

“I want to apologise to all of our patients for two data breaches, which happened in 2020 and 2021, and which have recently come to light.”

“Both were the result of mistakenly including patient information in Excel spreadsheets in response to Freedom of Information Act (FOI) requests. The information included the patients’ names, hospital numbers and some medical information.

“No home addresses or dates of birth were included, and we have found no evidence in either case of the information being accessed or shared any further.

“The first case related to data provided in a FOI request via the What Do They Know website. In responding to the request, we mistakenly shared some personal data which was not immediately visible in the spreadsheet we provided but which could be accessed via a ‘pivot table’.

“We want to apologise unreservedly to our patients for the worry and concern that this news may cause.”

The data related to 22,073 patients booked for maternity care at The Rosie Hospital between 2 January 2016 and 31 December 2019. It included the names and hospital numbers of patients and their birth outcomes.

The What Do They Know website group alerted the Trust to the breach and promptly removed the information from their own website.

Following discovery of this data breach, the Trust reviewed all the FOI requests (around 8,000) they responded to in the past 10 years. It discovered one further case where patient data was mistakenly contained in a spreadsheet sent in 2021 as part of a FOI.

This data related to 373 cancer patients on clinical trials and included their names, hospital numbers and some medical information.

You can see the full statement from the trust here.

First for all the latest news from across the UK every hour on Hits Radio on DAB, at hitsradio.co.uk and on the Rayo app.