Hospital Trust Criticised Over Data Record Theft

The UK’s Information Commissioner’s Office has criticised a hospital trust for a lax approach to security which allowed a laptop containing 33,000 patient records to be stolen.

In a statement released late last week, the ICO accused the Southampton University Hospitals NHS Trust (SUHT) of failing to follow data security measures laid down in the Data Protection Act. “Storing large volumes of personal information on portable devices is unnecessarily risky. Why were so many records downloaded on to an unencrypted laptop in the first place? It is vital that NHS organisations ensure their staff handle personal information securely, especially where so much sensitive personal information is concerned,” said Sally-Anne Poole, head of investigations at the ICO.

The unencrypted laptop was stolen on 19 October 2009 from a hospital vehicle that was left unlocked and unattended, according to the ICO statement. The laptop contained around 33,000 password-protected patient records including details about diabetes and results of retinal screening tests. Although the machine was attached to the van with a security cable, the lock was cut by the thieves.

In response to the incident, the SUHT has committed to make sure that all portable and mobile devices are encrypted and to improve the physical security of its vehicles. “I am pleased that SUHT has taken action to guard against security breaches of this nature in future,” added Poole.

The SUHT was contacted for comment but did not reply in time for this article.

Earlier this month, the ICO was given the power to issue large fines for any serious data breaches, after gaining the approval of Secretary of State for Justice, Jack Straw. The measure is expected to become law on 6 April, provided there are no parliamentary objections.

Companies that fall foul of the data breach laws now risk a maximum fine of £500,000. It is not clear at this time whether the same principle applies to government departments that lose sensitive data.

In July last year, the Ministry of Defence published details of its data loss incidents for 2008, which included the loss of an entire server from an apparently secured government building, and the loss of 1.7 million individuals’ personal data.

Andrew Donoghue
