A newsletter sent out yesterday by the 56 Dean Street clinic in London mistakenly disclosed the names and email addresses of 780 people, many of whom are HIV positive.
The clinic, which is run by the Chelsea and Westminster NHS trust, apologized shortly thereafter, and this morning pledged to investigate how the data breach occurred.
Dr Alan McOwan, Chelsea and Westminster hospital NHS trust’s director for sexual health, sent out this email hours after the incident:
I’m writing to apologize to you. This morning at around 11.30am we sent you the latest edition of OptionE newsletter.
This is normally sent to individuals on an individual basis but unfortunately we sent out today’s email to a group of email addresses. We apologise for this error.
We recalled/deleted the email as soon as we realized what had happened. If it is still in your inbox please delete it immediately.
Clearly this is completely unacceptable. We are urgently investigating how this has happened and I promise you that we will take steps to ensure it never happens again. We will send you the outcome of the investigation.
According to The Guardian, Britain’s data protection watchdog is likely to launch an investigation into the privacy breach, which is thought to be one of the biggest of its kind.
“I find it impossible to believe that in this day and age this can happen," said one HIV patient whose details were exposed in the breach. "I was able to scroll down the list and identify the names of a number of people who I knew, some of whom I was unaware of their status.”
56 Dean Street, which bills itself as Europe’s busiest sexual health, contraception and HIV care clinic, should not be discredited for the good work they've done in the past. In 2011, the clinic set the world record for the most HIV tests performed in one location, at G-A-Y bar in Soho on World Aids Day.
In the hours since, the clinic has set up a helpline for patients affected by the breach ahead of any investigations.