A SPOKESMAN for UL Hospitals Group (ULHG) has confirmed that there has been a fresh data breach in which personal and medical details of more than 1,000 patients were revealed to an unknown third party.
Hospital bosses confirmed the breach after being contacted by the Limerick Post this week.
An alarmed Post reader contacted the newsroom revealing that he had been written to about the breach by the hospital, four months after it happened.
A hospital spokesman told the Limerick Post that ULHG is “writing to over 1,000 patients in relation to a data breach within the gastroenterology services at University Hospital Limerick, Ennis Hospital, and Nenagh Hospital”.
“The data breach concerns patients who attended these services between 2018 and January 2023. A total of 1,066 patients are affected.
“The breach occurred when a member of staff sent an email in error to an unknown third party outside of the HSE. A file attached to the email included patient names, dates of birth, medical chart numbers, and limited medical information. No personal contact details, such as patient phone numbers or email addresses have been disclosed in this breach.”
The spokesman said the accidental disclosure took place on January 24 last, adding that “after we discovered the error later that day, we took immediate efforts to recall the email and recover the data. These efforts have not been successful. The recipient of the email is unknown to UL Hospitals Group and we do not know if the email account is active or dormant.”
He said they have no evidence that any patient information has been further disclosed, shared, or published since the initial breach.
“We have conducted scans on the web to confirm this,” he said.
“This matter was raised as an incident within UL Hospitals Group on January 25 and was reported to the Data Protection Commissioner on January 31.”
“We are now writing to our patients to inform them of and apologise for this inadvertent breach of their data. We have set up a support line to help answer any questions they may have.
“Details of the support line are included in the letters which we are sending to patients from this Monday, May 29th.
“Gastroenterology patients are asked to wait until they have received a letter from us before calling the support line. The data breach affects gastroenterology patients only. Patients attending other services are also asked to keep the support line free for those affected by the data breach.
“Patients are also kindly asked not to contact the general gastroenterology service numbers with queries in relation to the data breach. We need to keep these lines free for regular service needs and queries,” the spokesman concluded.