Hospital says data breach took place

TALLAGHT HOSPITAL in Dublin has claimed police raids on a company in the Philippines have established that an offence was committed…

TALLAGHT HOSPITAL in Dublin has claimed police raids on a company in the Philippines have established that an offence was committed in relation to a data breach involving sensitive patient records.

More than 60 Irish hospitals, doctors or other health facilities are now involved in the investigation into how such records fell into “inappropriate hands”.

The vast majority of those involved are individual doctors. It is understood only a small minority are hospitals.

Tallaght confirmed earlier this month that there had been “unauthorised access” to records it had sent to a private company, Uscribe, for transcription. While that company has an Irish office, the records were processed by the Philippines office.

READ MORE

Acting chief executive at Tallaght hospital John O’Connell confirmed yesterday that Uscribe’s Philippines offices were raided by police last week as part of the investigation.

This established that an offence had been committed, he said.

Mr O’Connell said the IT director of the hospital had travelled to the Philippines and had secured a court order empowering the authorities there to search the premises and to seize all electronic equipment and data.

He said that following a police raid on those offices last Thursday, this data was now being examined by the Philippines authorities who would report to their courts before September 7th.

Mr O’Connell said that at the end of the process such data would be “deleted irretrievably” as it was already held by Tallaght Hospital.

“An offence has been committed. Tallaght hospital is determined that those responsible be pursued in all appropriate jurisdictions,” he added.

Mr O’Connell said as soon as it became evident that some patient information had got into inappropriate hands, the hospital “worked with authorities in Ireland and the Philippines to determine the extent of the information breach and to ensure that this could not reoccur”.

He said the hospital had worked very closely with the Data Protection Commissioner throughout.

The hospital stopped using the services of Uscribe in May and “now has state-of-the-art and robust procedures with a new service provider”, he said.

Deputy Data Protection Commissioner Gary Davis said his office had a concern that “it just wasn’t possible” that the data breach could be confined to Tallaght Hospital, given the number of health clients of Uscribe whose data was also being sent to the Philippines.

“Anything that made its way to the Philippines was affected,” he said.