“We regret what has happened and have apologised to those affected. We are making information, advice and support available to individuals affected,” Waikato Hospital’s group director operations, Michelle Sutherland, told the Herald.
The letters were to be sent to medical centres in batches, with patient names and addresses included below the address of the medical centre.
A change in format meant when the letter moved in its envelope, the wrong address showed through the window. This happened in two different batches of letters, meaning the letters were wrongly sent to two residential addresses.
“The letters were sent out from Health NZ Waikato on January 10 and January 25 and we were notified of the privacy breach on January 26.
“Immediately, we have ceased using window envelopes for correspondence and the letter template is being updated to prevent this occurring again.”
One of those affected was Ohura resident Sandra Hindrup, who had waited seven weeks for results from a diabetes and eye clinic at Taumarunui Hospital.
On Monday evening she received a phone call from someone at Waikato Hospital, she said, telling her the private information had been sent to somebody else’s house.
“It’s shocking. I was given an apology over the phone.”
The breach is small, compared to recent privacy issues at Health NZ - Te Whatu Ora.
Last year at least 12,000 people, many of them vaccinators, had personal information released online.
Former employee Barry Young has pleaded not guilty to a charge of dishonestly taking health agency data and spreading it online.
And in May 2021 a massive ransomware attack on the then Waikato District Health Board brought down services and systems. Health data was stolen and posted on the dark web, affecting more than 4000 patients.
Nicholas Jones is an investigative reporter at the Herald. He won the best individual investigation and best social issues reporter categories at the 2023 Voyager Media Awards.
