Saolta University Health Care Group is investigating a potential data breach at UHG (University Hospital Galway) after scam letters were sent to patients’ home addresses.
The letters, from an organisation calling itself The Anglo America Lottery, informed recipients that they had won a significant prize in the ‘Hospital Sick Patient Lottery Draw’ after being picked anonymously through a “private ballot system of the data of all sick patients admitted to wards around Europe”.
Winners were advised to keep the news confidential until the claim was processed and money transferred to their bank accounts to avoid double claims.
A questionnaire attached to the letter asked for personal details to ensure the right person was being paid. Recipients were also asked to provide their date of birth to verify their identity.
The letter provided a website and phone number, which rang out when called and failed to give the organisation’s details in a subsequent voicemail message.
Daragh Kelly, one of the recipients of the scam letter, said that “alarm bells” rang when he noticed his address was spelled incorrectly.
“I am very upset and worried about this as I am sure anyone that received this letter is,” he said. “Understandably, it’s early days for them but it is totally unacceptable. I am well used to spam email but to get something to my home address with data collected in the hospital is scary.”
According to a UHG spokesperson, a number of patients notified management about the letter. The hospital is investigating the potential breach, but this may take several weeks to complete.
It has also followed up with affected patients and advised the DPC (Data Protection Commissioner) of the incident.
“The hospital would like to strongly stress to patients and their families that it has absolutely no association with or knowledge of this company,” the spokesperson said.
A DPC spokesperson confirmed it has “received a breach notification and [is] seeking further information”.