Personal details of over 18,000 people who tested positive in Wales leaked
by Jordan KingPublic Health Wales accidentally uploaded the personal details of every Welsh resident that has tested positive for coronavirus to a public server.
They said the data breach which allowed anyone who used the site to search the information of 18,105 people was because of ‘individual human error’.
With 16,179 of the 18,105 their initials, date of birth, geographical area and sex was published while 1,926 people living in nursing homes or other supported housing had the details of their setting shared.
The data was for every Welsh resident who had tested positive for Covid-19 between February 27 and August 30.
The next day Public Health Wales removed the data meaning it was online for 20 hours and had been viewed 56 times.
A spokesman said there was ‘no evidence at this stage’ that the data had been misused.
Tracey Cooper, chief executive of Public Health Wales, said: ‘We take our obligations to protect people’s data extremely seriously and I am sorry that on this occasion we failed.
‘I would like to reassure the public that we have in place very clear processes and policies on data protection.
‘We have commenced a swift and thorough external investigation into how this specific incident occurred and the lessons to be learned.
‘I would like to reassure our public that we have taken immediate steps to strengthen our procedures and sincerely apologise again for any anxiety this may cause people.’
The Information Commissioner’s Office and the Welsh Government have been informed of the breach and an external investigation has been commissioned.
This will be led by the head of governance at the NHS Wales Informatics Service.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.