Update on hacking incident of Clinical Information Management System of DH
***************************************************************
The Department of Health (DH) today (August 26) reported the investigation progress of an intrusion incident of the Immunisation Record System of its Clinical Information Management System (CIMS). According to the investigation of the DH, the risk of massive leakage of personal data in the incident is low.
"Our investigation shows that the hacker had not accessed the database of the CIMS. According to the total data accessed/downloaded during the period the hacker might have gained access to the temporary files under the CIMS. We believe that at most 1.75 per cent to 4 per cent of the temporary files would have been affected," a spokesman for the DH said.
The DH's investigation revealed that a total of 16 142 temporary files were found on the server that was intruded into, among which 11 677 contain personal and/or clinical information. The files are mainly (1) registration information; (2) documents issued to clients, such as sick leave certificates and attendance certificates; and (3) partial medical records, such as laboratory test results and incomplete medical notes from five clinical services, namely Antenatal Service of the Family Health Service, Clinical Genetic Service, Dental Service, Professional Development and Quality Assurance, and Social Hygiene Service.
"Although the risk of massive leakage of personal data is low, we attach great importance to the incident and express regret over it.
"We have sent letters to all affected persons whose contact information was present in the files as the risk of malicious use of such information, if leaked, would be higher. They are advised to be vigilant against any illegal use of their personal information, such as in bogus phone calls, and contact the Police for assistance if needed. So far we have not received any report of confirmed personal information leakage due to this incident," the spokesman added.
Meanwhile, members of the public who attended the services listed in the Annex during the specified period and wish to enquire about further details of the incident may contact the DH at 2576 6278 during office hours (from 9am to 1pm and 2pm to 5.30pm, Monday to Friday).
Further investigations by the DH and the Police into the cause of the incident are ongoing. The DH will enhance the security measures of the CIMS to protect personal data and the privacy of the public.
Ends/Friday, August 26, 2016
Issued at HKT 18:01
NNNN