Man arrested over leak of 56,000 patients’ data in Hospital Authority breach

A 30-year-old man has been arrested in Tin Shui Wai Tuesday for accessing to computer with criminal or dishonest intent in relation to more than 56,000 patients personal data leaked onto the dark web in a Hospital Authority breach. 

The arrested individual is male employee of a contractor. Police then raided the system contractor's office in the New Territories, seizing over 60 digital devices, including servers, computers, mobile phones, and storage devices. 

Police identified the suspect and found he had illegally downloaded the data of patients and some medical staff without authorization from United Christian Hospital, and was subsequently arrested. 

An investigation is ongoing into the suspect's motives and whether more individuals are involved.

The leaked data primarily originated from United Christian Hospital. Police urge the public not to download or repost the data indiscriminately to avoid committing crimes such as doxxing.

The HA’s routine monitoring system detected a case of suspected unauthorized access and leakage of patient data on a third-party platform in the early hours on April 3. 

Emphasizing that it takes the matter very seriously,  the authority noted that it has already reviewed its internal network systems and confirmed that they are operating securely and normally.