Clicky

Wales leaks data of COVID-19 test patients online

The database was online and open to the public for an entire day.

Tired of censorship and surveillance?

Defend free speech and individual liberty online. Push back against Big Tech and media gatekeepers. Subscribe to Reclaim The Net.

Public Health Wales, the nation’s health agency, accidentally uploaded the information of 18,105 COVID-19 patients to an online public database. The information was accessible to any individual for at least 20 hours before it was removed.

Public Health Wales itself provided the information on what happened. The agency indicated that the personal data of more than 18,000 people affected by COVID-19 were erroneously uploaded to a public access database for more than 20 hours. Among the data included are the sex, geographic area, and date of birth of individuals.

PHW Chief executive Dr. Tracey Cooper said this human error should never have happened and that it was the largest data breach she has ever witnessed. So far, in 2020, the Welsh NHS has already suffered two major information breaches, which have required the Information Commissioner’s Office and the country’s government to investigate what happened.

According to the PHW, these data alone are not a problem for most people, as they offer very little to identify an individual. However, they recognized that there is a group of 1,928 people whose data can be particularly compromising (although, according to the agency, they should not represent a risk either) since they include their address of residence. This group is made up of those patients who live in nursing homes or support communities for the treatment of the virus.

The PHW also indicated that, during the time this data was available on the web, it was reviewed at least 56 times. Dr. Cooper said the information was released at 2:00 p.m. on August 30, and later that day someone was alerted to remove it. However, this person did not follow through with the protocol, which resulted in the data being deleted on September 1 at 9:55 a.m. The reason why faster action was not taken is still unknown.

Andrew RT Davies MS, a spokesperson for the Welsh Conservative party, said it was unacceptable for the health minister to release this information two weeks after the event occurred. His political counterpart, Rhun ap lorwerth MS, was also dissatisfied with the government, demanding an explanation about what happened and that they ensure better handling of the data to avoid accidents in the future.

With the coronavirus lockdowns leading to more data being collected by the government and health agencies, the leak of such data is a major setback in public trust at a time when many are already critical of government data collection.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net.

Tired of censorship and surveillance?

Defend free speech and individual liberty online. Push back against Big Tech and media gatekeepers. Subscribe to Reclaim The Net.

Read more

Share