Probe launched after Hospital Authority data breach involving 56,000 patients
A major data leak has compromised names, ID numbers, and full medical histories of thousands.
Hong Kong's privacy watchdog and police have launched a joint investigation into a significant data breach at the Hospital Authority, compromising the sensitive information of more than 56,000 patients. The breach, reported on April 4, 2026, involved the unauthorized retrieval of a comprehensive dataset including patients' full names, Hong Kong identity card numbers, genders, dates of birth, and the specific dates of their hospital visits. Most critically, the exposed health information contains detailed medical histories, creating severe privacy and security risks for the affected individuals.
The Hospital Authority stated its regular monitoring systems flagged the suspected unauthorized data retrieval from a third-party platform early on Friday morning. In response, the Office of the Privacy Commissioner for Personal Data has activated its investigation mechanism and issued urgent guidance to victims. Authorities are advising the 56,000+ impacted patients to immediately change passwords for their online accounts, scrutinize bank statements for unauthorized transactions, and remain highly vigilant against phishing calls or messages attempting to exploit the stolen data. This incident highlights persistent vulnerabilities in third-party data handling within critical healthcare infrastructure.
- Breach impacts 56,000+ patients, exposing names, ID numbers, and full medical histories.
- Hong Kong's Privacy Commissioner and police are investigating the leak from a third-party platform.
- Patients advised to change passwords, monitor accounts, and beware of phishing scams.
Why It Matters
This breach demonstrates critical vulnerabilities in healthcare data security, risking identity theft and medical fraud for tens of thousands.