The Health Bureau’s Primary Healthcare Commission announced the suspected hacking of the outsourced network system of the Kwai Tsing District Health Centre (Kwai Tsing DHC) on April 27, resulting in a possible leakage of members’ data.
Such data include members’ names, membership numbers, dates of birth, residential districts, and the first four digits of the Hong Kong Identity Card of some members who have enrolled in a vaccination programme. The operator is currently assessing the possible number of members affected and the data involved.
The commission stressed that it is highly concerned about the incident, and has instructed the Kwai Tsing Safe Community & Healthy City Association, the operator of the Kwai Tsing DHC, to seriously follow up and submit a report within three working days.
According to the operator, the system involved is managed independently by its outsourced service provider, and is mainly used to assist with administrative work such as service booking or members sign-in at the Kwai Tsing DHC.
The Primary Healthcare Commission noted that in addition to reporting the incident to Police as well as the Office of the Privacy Commissioner for Personal Data, the operator has also notified the Digital Policy Office.
As required by the commission, the operator has immediately suspended the operation of the Kwai Tsing DHC’s network system and all external connections to its computer servers to prevent further intrusion attempts by hackers. An independent cybersecurity expert has also been hired to conduct an investigation and review.
Due to the system suspension, the appointments on blood taking and seasonal influenza vaccination of relevant Kwai Tsing DHC members will be rescheduled. The operator has started to notify those members via phone calls and text messages, and will also inform all its members of the hacking incident.
Furthermore, for the sake of prudence, as the Kwai Tsing DHC is a registered healthcare provider on eHealth, the operator’s eHealth registration has been suspended in order to protect the data privacy and system security of eHealth. During the suspension period, the Kwai Tsing DHC is unable to gain access to any electronic health record in eHealth.
The Kwai Tsing DHC’s connection with eHealth will only resume once security risks are fully eliminated.
Call 1878 222 for enquiries.
