DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Patients kept in the dark as hundreds of records go astray

Posted on March 25, 2008 by Dissent

David Higgerson of the Liverpool Daily Post reports:

THE records of hundreds of Merseyside patients have gone missing from the region’s hospitals and surgeries over the past two years.

Many of the incidents – including one where the names, partial addresses and door access codes to sheltered accommodation were taken – have prompted changes in working practices at health trusts across the area.

A number of the patients involved will be unaware their information had been lost. In one case involving Liverpool PCT, a patient only discovered their file was missing after a solicitor asked to see it.

Several of the cases involve data going missing in the post, including one incident where a ripped envelope arrived at its destination without the CD containing patients’ data which had been inside it.

And at one trust, the Countess of Chester Hospitals, records of several patients were found to have been thrown away.

Until now the only reported data breach in the region has been when the personal details of staff at Sefton PCT were accidentally released.

But an investigation by the Daily Post, using the Freedom of Information Act, has revealed the loss of 230 records by health staff in the region.

More than half of the trusts which replied to a request for information confirmed they had lost data.

It is also revealed that the largest data loss – 100 records held on a “memory stick” by Liverpool Primary Care Trust, was not reported to the patients involved.

According to the PCT, the memory stick was lost or stolen in an office, and could not be located.

A spokesman said: “The data stick was encrypted. The appropriate manager completed an incident form and a management report.

“As a result of the loss, procedures were changed and patient information is no longer stored on portable data storage devices.

“The PCT did not inform the patients involved as the data stick was encrypted.”

The second single largest loss of data was reported by Halton and St Helens Primary Care Trust where a book used by weekend district nurses was “mislaid”. It contained names and partial addresses of patients, plus the access codes to get into communal accommodation, such as sheltered housing.

A spokesman for the PCT said: “An extensive search of the locations and offices used by the District Nursing teams was undertaken, but the communication book has not been found at present.

“The communication book contained as routine, the patient’s name and partial address. However, for three patients, there was a four-digit door access code recorded.

“We arranged for their access codes to be changed. In addition, we sent each of those three patients a letter, informing them of the reason the code was being changed.

“As a result of this incident, we reviewed the use of this type of communication book and as a result we have taken it out of operational use.”

The Royal Liverpool Children’s Hospital – Alder Hey – confirmed it had been forced to remind staff not to take patient files homes after one was stolen. It reported the highest number of data loss cases – five – but each only involved one patient.

Sefton PCT – which had been included on a government list of NHS data losses after staff details were inadvertently released – was one of three organisations to confirm data had gone missing in transit.

Both Alder Hey and the Liverpool Women’s Hospital said documents sent in the regular post never arrived, while Sefton PCT blamed the theft of a courier’s vehicle for files belonging to several children going missing.

A spokesman for Sefton PCT said: “People in Sefton can be confident that the Primary Care Trust looks after patient data very carefully and takes any breach or loss very seriously.

“We have strict policies and procedures about how data is used within the organisation and what happens in the event of an incident.

“The PCT employs the use of an incident reporting system to ensure incidents are reported, fully investigated and that lessons learned are cascaded within the PCT.

“Both incidents were investigated fully and reported to the Strategic Health Authority.”

Opposition politicians said the cases proved that data losses were now a regular occurrence and not just restricted to several high-profile cases, such as the loss of 25m child benefit files last year.

Shadow health secretary Andrew Lansley said: “The problem is endemic.

“The Government has been serially incompetent in looking after people’s personal data.

“People need to feel like they can trust the Government when they hand over personal data.”

Joyce Robins, from the patient support group Patient Care, said: “Health records can have anything from your ex-directory phone number to your HIV status.

“I think it’s the tip of the iceberg because there’s such carelessness within the NHS and it’s always impossible to hold anyone to account and find out who’s actually done anything.”

But a spokesman for the Department of Health said “There is no evidence of any data falling into the wrong hands.

“Patients are informed if it is appropriate to do so. Action will be taken against anyone who has failed to fulfil their legal responsibilities.’’

Category: Health Data

Post navigation

← Congress probes stolen laptop with 2,500 heart patients' names
Practicing Patients →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
  • Websites selling hacking tools to cybercriminals seized
  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database
  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.