The UL Hospitals Group, which runs six hospitals in the mid west region, said on Thursday it was writing to more than 1,000 patients whose personal and medical information was inadvertently shared with an unknown third party in a major “data breach”.
The ULHG said the data breach occurred last January, when a member of staff mistakenly sent the information to an “unknown party”.
Efforts to recall the information relating to 1,066 patients attending gastroenterology services at three hospitals have so far proved unsuccessful.
“We are writing to over 1,000 patients in relation to a data breach within the gastroenterology services at University Hospital Limerick, Ennis Hospital and Nenagh Hospital.
The data breach concerns patients who attended these services between 2018 and January 2023,” stated ULHG.
“The breach occurred when a member of staff sent an email in error to an unknown third party outside of the HSE. A file attached to the email included patient names, dates of birth, medical chart numbers and limited medical information.”
“No personal contact details, such as patient phone numbers or email addresses, have been disclosed in this breach.”
It said the “unintended disclosure took place on January 24th last” and it “took immediate efforts to recall the email and recover the data, these efforts have not been successful”.
“The recipient of the email is unknown to UL Hospitals Group and we do not know if the email account is active or dormant,” it said.
“We have no evidence that any patient information has been further disclosed, shared or published since the initial data breach on January 24th. We have conducted scans on the web to confirm this,” it added.
ULHG said the matter arose internally on January 25th last and was reported to the Data Protection Commissioner on January 31st.
“We are now writing to our patients to inform them of and apologise for this inadvertent breach of their data,” stated the group.
“We have set up a support line to help answer any questions they may have.
Details of the support line are included in the letters which we are sending to patients from this Monday, May 29th.”
It asked that patients “wait until they have received a letter from us before calling the support line”.
“Patients attending other services are also asked to keep the support line free for those affected by the data breach.”
"They are also asked not to contact the general gastroenterology service numbers with queries in relation to the data breach. We need to keep these lines free for regular service needs and queries.”
In 2020 Gardaí were called in to investigate allegations that a non-HSE employee had shared online personal and medical data belonging to 630 patients including 95 children, that had attended at the Emergency Department (ED) at University Hospital Limerick (UHL).
The ULHG wrote to the 630 patients in May 2020 informing them of the alleged data breach in April 2020 which involved the patients names, dates of births, prescriptions.