The Hospital Authority (HA) of Hong Kong on Saturday apologized after it emerged that patient data were leaked on a third-party platform following a data breach involving more than 56,000 patients.

“The HA's routine monitoring system detected at around 2 am yesterday (April 3) a suspected case of patient data being taken without authorization and leaked on a third-party platform,” an HA spokesperson said in a statement.

The incident affected more than 56,000 patients from the Kowloon East cluster, with leaked personal information, which included their names, gender, identity card numbers, hospital file numbers and details of surgical procedures.

Police and Hong Kong’s privacy watchdog – the Office of the Privacy Commissioner for Personal Data – have launched their investigation after they were alerted to the data leak.

Stressing that it will fully cooperate with police investigation and actions, the spokesperson said, “The HA takes cybersecurity very seriously, and has conducted a thorough review of its internal network systems upon discovering the incident, confirming that the systems are operating normally and securely, with no indication of a cyberattack or similar factors.

The HA immediately suspended the contractor's system maintenance work, added the spokesperson.

Expressing sincere apology to the affected patients, the HA said it "will take all practicable measures to minimize the impact on patients."

Affected patients will be contacted via the "HA Go" mobile application, mail and phone calls soon. To respond to patient enquiries, the Kowloon East cluster has also set up a dedicated hotline at 5215 7326, which operates from 9 am to 6 pm from Monday to Sunday. Patients may also leave messages outside of hotline operating hours and staff will respond as soon as possible, added the spokesperson.