Both of the data leaks at the Cambridge Addenbrooke’s Hospital appear to be because of failures in how information was released in response of Freedom of Information requests:
Data breach by Addenbrooke’s Hospital reveals patient information – BBC News
The information has not leaked any further than the primary recipients, both of whom took the responsible action and notified the hospital.
Your takeaway from this – do you have a policy for what information your team are authorised to release?
Clive Catton MSc (Cyber Security) – by-line and other articles