Data breach at hospital after files found under patient’s bed

LETTERKENNY University Hospital is managing a data breach, the Donegal News can reveal.

A source told the Donegal News 26 medical files were found under the bed of a patient earlier this month. Instead of being handed over to staff, the document was removed from the facility.

A HSE spokesperson confirmed to the Donegal News it has reported the incident to the Data Protection Commissioner.


“Letterkenny University Hospital is managing a data breach incident arising from the removal of a patient census document (list of patients) from the hospital premises. The incident has been reported to the Data Protection Commissioner in accordance with legislation.

“LUH is fully committed to protecting the rights to privacy and confidentiality of all our patients under General Data Protection Regulations (GDPR). In line with HSE policy, any data incidents are taken very seriously and acted on immediately.

“Data incidents which are notified to the hospital are comprehensively investigated by Hospital Management.”

The Data Protection Commission has provided advice on what to do if you find personal data in a public place.

A spokesperson said: “In the unlikely event that a member of the public should find personal data or come into possession of documents or devices containing personal data that is not their own, it is important not to compound any personal data breach by further disclosing or transferring the data to any additional third parties.

“If the source of the data is identifiable, by a company logo, or the name and details of the organisation, then the recommended course of action is to immediately return the data to its source.

“While the temptation may arise to read or otherwise examine the personal data, the Data Protection Commission would respectfully request that members of the public would not do this, as it may represent a further breach of confidentiality.


“Onward disclosure or processing of the personal data may result on a loss of confidentiality for the data subjects, and may infringe on their rights and freedoms.”

The spokesperson added that in the event that the source of the personal data cannot be identified, members of the public are urged to contact the Data Protection Commission, who will endeavour to assist you to identify the rightful owner with a view to returning the documents to them.

“The Data Protection Commission will notify the owner of its obligations under Article 33 of the General Data Protection Regulation.”



Receive quality journalism wherever you are, on any device. Keep up to date from the comfort of your own home with a digital subscription.
Any time | Any place | Anywhere

and get access to our archive editions dating back to 2007
Every Thursday
Every Monday

Donegal News is published by North West of Ireland Printing & Publishing Company Limited, trading as North-West News Group.
Registered in Northern Ireland, No. R0000576. St. Anne's Court, Letterkenny, County Donegal, Ireland