Up to 40 hospital staff members may face dismissal for unauthorized access to the medical records of a three-year-old boy who was attacked by a crocodile at a zoo near Huntingdon. The child is currently in stable condition at Addenbrooke’s Hospital in Cambridge following the incident on June 18, when a stranger threw him into a saltwater crocodile enclosure.

Hospital officials have launched an investigation into the suspected data breaches and have notified both the boy’s parents and the Information Commissioner’s Office (ICO). A spokesperson for the hospital emphasized that strict policies are in place to protect patient confidentiality and that any staff found to have accessed the records without a legitimate clinical purpose will face “robust disciplinary action.”

The child sustained severe injuries in the attack, including broken arm and pelvis bones, and has been receiving ongoing care at Addenbrooke’s. While the hospital did not specify how many staff members are currently under scrutiny, reports indicate that up to 40 individuals could face termination as a result of the inquiry.

This incident echoes previous breaches involving patient record confidentiality in the NHS. In related cases, twelve employees were dismissed and over 50 others disciplined after accessing the medical files of victims in the Southport and Nottingham knife attack incidents. Hospital leaders have reiterated their commitment to safeguarding sensitive patient information amid growing concerns over staff misconduct.

The zoo where the attack occurred has not publicly commented on the matter. Meanwhile, authorities continue to investigate the circumstances surrounding the child’s assault and the identity of the perpetrator.