DH reports suspected intrusion into laboratory contractor server
***************************************************************

     The Department of Health (DH) today (August 1) reported that a computer server of a laboratory contractor under the Colorectal Cancer Screening Programme (CRCSP) was suspected to be intruded by ransomware. The server, containing test results of the participants of the CRCSP, had been suspended with immediate effect.

     The DH was notified by the laboratory contractor yesterday (July 31) that its server using to upload laboratory reports of Faecal Immunochemical Test results of the CRCSP was suspected to be intruded by ransomware and relevant reports were encrypted. The laboratory contractor started investigation immediately and reported to the Police for investigation today. It is not certain at this stage whether personal data of the participants in the laboratory reports has been leaked. Investigations are continuing.

     "We attach great importance to the incident. The DH has also reported it to the Police, the Office of the Privacy Commissioner for Personal Data and the Office of the Government Chief Information Officer, and is now assisting the Police's investigations. The DH has already asked the laboratory contractor to review its existing information security measures to avoid the recurrence of similar incidents in future," a spokesman for the DH said.

     "The analysis of the specimens collected under the CRCSP will continue," the spokesman added.

     For enquiries, members of the public may call 3565 6288, which will operate from 9am to 5.45 pm on Mondays to Fridays to liaise with the DH.

Ends/Thursday, August 1, 2019
Issued at HKT 20:45

NNNN