More than 18,000 people who tested positive for COVID-19 had their personal details published online by Public Health Wales (PHW).
The error, which the health organisation said was an “individual human error”, unveiled their initials, date of birth, geographical area and sex.
The information was online for 20 hours in August and according to PHW the details were only viewed by 56 people before they were removed.
- Potential risk model could see 4.5m people shielding from COVID-19 this winter
- German teenager believed to be the first person to have been diagnosed with type 1 diabetes after COVID-19
Tracey Cooper, PHW’s Chief Executive, said: “We take our obligations to protect people’s data extremely seriously and I am sorry that on this occasion we failed. I would like to reassure the public that we have in place very clear processes and policies on data protection.
“We have commenced a swift and thorough external investigation into how this specific incident occurred and the lessons to be learned. I would like to reassure our public that we have taken immediate steps to strengthen our procedures and sincerely apologise again for any anxiety this may cause people.”
In a statement, the health body said there was no evidence to suggest that the leaked information had been misused in any way.
It said: “We recognise the concern and anxiety this will cause and deeply regret that on this occasion we have failed to protect Welsh residents’ confidential information.
In the community:
“In the meantime, we have taken immediate steps to prevent a similar incident from happening again. These include establishing an Incident Management Team to instigate remedial actions which have already resulted in changes to our standard operating procedures so that any data uploads are now undertaken by a senior member of the team.
“We have also informed our health board and local authority partners and have kept them up to date with the position.”