An NHS worker in the secure mental health unit of a Scottish hospital has been suspended, after losing a USB stick containing patients’ medical records.
According to local newspaper reports, the USB stick contained unencrypted sensitive information – including the criminal histories of some violent patients at the Tryst Park unit at Bellsdyke psychiatric hospital. It was found by a 12-year-old boy in the car park of an Asda supermarket in nearby Stenhousemuir.
NHS Forth Valley medical director Dr Iain Wallace confirmed that the member of staff has been suspended while an investigation is carried out, but refused to give any further details.
“We are currently assessing the data on the memory stick which has been returned to us,” Wallace told the Aberdeen Press and Journal. “We are in the process of contacting patients and their relatives to offer reassurance and to let them know we are doing everything possible to discover how this incident has occurred.”
Earlier this year, British companies were warned to tighten up their security systems, after the Information Commissioner’s Office (ICO) was given the power to issue large fines for any serious data breaches. Companies that fall foul of the data breach laws now risk a maximum fine of £500,000.
Since the incident involves the loss of medical records, Bellsdyke hospital could be the first organisation to fall victim to the ICO’s new fines. According to data security specialist Credant Technologies, the case may be referred to the regional office of the ICO in Edinburgh for investigation and likely further action.
“The case is the latest in what has become a long history of NHS data losses that David Smith, the ICO’s deputy commissioner, directly referred to in his keynote speech at the Infosecurity Europe show last week,” said Credant product manager Sean Glynn. “Whilst it’s good to hear the Information Commissioner calling for an urgent review of NHS data security, nothing much has changed – we’re still seeing entirely unnecessary data breaches like this.”
According to Glynn, the ongoing migration of medical records to electronic format has exacerbated the problem, with the health service suffering 140 security breaches during the first four months of last year. Glynn emphasised the need for the highest level of encryption when conveying sensitive data, and called for the appointment of an NHS technology czar to oversee the process.
“The technology required to protect data on laptops and removable media is available in the market today, is not particularly difficult to deploy, and can immediately mitigate these risks,” he said. “It’s now time for the ICO to act and push for the appointment of an NHS technology czar to oversee data security issues at all levels – and take action against those health bodies that fail to protect their patients’ data.”
Also in April, Symantec’s Global Internet Security Report found that the physical theft or loss of a device containing corporate information was the largest single reason for data breaches. However, the report also found that a growing number of breaches were caused by hacking.