400 patient records were misplaced after a contractor accidentally removed a cabinet from Hong Kong's Queen Mary Hospital.
Data concerned 442 senior patients, 100 of whom are still alive and to whom personnel will reach out.
Typically, patient records are kept for seven years before being reviewed and, if necessary, being deleted.
Staff will contact the 100 or so patients who are still alive.
The hospital has expressed regret about the situation.
TPRM report: https://scoringcyber.rankiteo.com/company/queen-mary-hospital
"id": "que3112623",
"linkid": "queen-mary-hospital",
"type": "Data Leak",
"date": "11/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 442,
'industry': 'Healthcare',
'location': 'Hong Kong',
'name': 'Queen Mary Hospital',
'type': 'Hospital'}],
'customer_advisories': 'Staff will contact the 100 or so patients who are '
'still alive.',
'data_breach': {'number_of_records_exposed': 400,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Patient Records'},
'description': '400 patient records were misplaced after a contractor '
"accidentally removed a cabinet from Hong Kong's Queen Mary "
'Hospital. Data concerned 442 senior patients, 100 of whom are '
'still alive and to whom personnel will reach out. Typically, '
'patient records are kept for seven years before being '
'reviewed and, if necessary, being deleted. Staff will contact '
'the 100 or so patients who are still alive. The hospital has '
'expressed regret about the situation.',
'impact': {'brand_reputation_impact': 'Regret expressed by the hospital',
'data_compromised': 'Patient Records'},
'post_incident_analysis': {'root_causes': 'Human Error by a contractor'},
'response': {'recovery_measures': 'Staff will contact the 100 or so patients '
'who are still alive.'},
'threat_actor': 'Contractor',
'title': 'Misplacement of Patient Records at Queen Mary Hospital',
'type': 'Data Breach',
'vulnerability_exploited': 'Human Error'}