LANSING, Mich., February 13, 2026 — A British social media influencer says hospital employees at a Michigan facility improperly accessed his private medical records last month, raising serious questions about patient data security and privacy.
Influencer Alleges Targeted Breach of Medical Records
The content creator is seeking legal counsel after discovering unauthorized access to his sensitive health information.
- Josh Cauldwell-Clarke, a TikToker known as “Josh from England,” noticed the breach after being notified by the hospital.
- The accessed data included his name, date of birth, address, phone number, and clinical details.
- Cauldwell-Clarke emphasizes this was not a mass data breach, but a targeted incident.
- The Health Insurance Portability and Accountability Act (HIPAA) generally prohibits unauthorized access to medical records.
Josh Cauldwell-Clarke shared on social media Wednesday, Feb. 11, that he was alerted to the unauthorized access to his electronic health record on either Jan. 18 or 19. He clarified Thursday, across his Facebook, Instagram and TikTok accounts, that this was not a widespread data breach, but rather an incident specifically targeting him.
“I have received many comments of people saying, ‘This happens all the time in America. It’s just a mass data breach,’” Cauldwell-Clarke said. “Let me be clear, this is not that.”
The influencer stated the accessed information included his name, date of birth, home address, phone number, account number, reason for admission, and clinical details related to his hospital visit. “This makes me very uncomfortable knowing there are strangers out there who have my personal and private information,” Cauldwell-Clarke said. “I’ve been in contact with counsel, and I’ll keep you updated.”
Hospital Stay Interrupted Viral Michigan Trip
Cauldwell-Clarke, traveling with fellow influencer Jason Riley as “Josh & Jase,” was briefly hospitalized in Northern Michigan while receiving pain medication for an unspecified injury, temporarily halting their journey across the state. During his treatment, Cauldwell-Clarke recalled hospital staff requesting selfies and, at one point, removing his name from a notice board to maintain privacy.
Employees accessing private medical data with work credentials is generally a violation of the Health Insurance Portability and Accountability Act (HIPAA), according to the U.S. Department of Health and Human Services. Hospitals are legally obligated to notify individuals affected by any breach of their protected health information.
It remains unclear whether the Michigan hospital involved has taken any action in response to Cauldwell-Clarke’s case.
The duo’s Michigan travels gained significant online attention, with Cauldwell-Clarke and Riley documenting their experiences at the Mackinac Bridge, Lake Superior, Mackinac Island, and various local eateries, including stops for Detroit-style pizza and Coney dogs. They also shared their observations about Michigan’s weather conditions.
