DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NHS puts over 20,000 records at risk

Posted on July 14, 2009 by Dissent

The Information Commissioner’s Office (ICO) is issuing further warnings to NHS bodies about the importance of data security, after finding five more NHS organisations in breach of the Data Protection Act. In one case, a ward hand-over sheet containing notes about patients’ health was left on a bus.

The Royal Free Hampstead NHS Trust reported the loss of an unencrypted compact disk containing medical treatment details of 20,000 patients from the hospital’s cardiology department.

Chelsea and Westminster Hospital Foundation Trust reported the theft of an unencrypted memory stick containing 143 patient details including sensitive medical information. The Trust believes that the information was stolen from an unlocked office that was being used as a walk-in clinic. The memory stick was not password protected or encrypted, and an employee had been taking it home for use on his personal computer.

It emerged that Epsom and St Helier University Hospital NHS Foundation Trust was storing hospital records insecurely for nearly two years following data being transferred between hospitals.

A ward handover sheet, containing information relating to 23 patients in the care of Surrey and Sussex NHS Trust, was found on a bus. The Trust also reported the theft of two laptop computers. Although they were kept behind three locked doors, they were not encrypted.

Hampshire Partnership NHS Trust informed the ICO about the theft of an unencrypted laptop computer holding the personal data of 349 patients and 258 staff. The laptop was stolen from an employee attending a health conference.

Some of the information was classified as sensitive personal data as defined in Section 2 of the Act. The NHS bodies have agreed to implement the appropriate security measures to ensure that personal details are properly protected by establishing physical safeguards, such as locking an office. Staff will be appropriately trained on the policy for storage and how to follow that policy. Laptops, mobile and portable devices held by The Royal Free Hampstead NHS Trust, Chelsea and Westminster Hospital NHS Foundation Trust and Hampshire Partnership Trust will be password protected and encrypted.

Sally-anne Poole, Head of Enforcement and Investigations at the ICO, said: “These five cases serve as a reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security. It is important that staff adhere to policies designed to protect individuals’ sensitive information.

“Data protection must be a matter of good corporate governance and executive teams must ensure they have the right procedures in place to properly protect the personal information entrusted to them. Failure to do so could result in patient information, including sensitive medical records and treatment details falling into the wrong hands.

“The Data Protection Act clearly states that organisations must take appropriate measures to ensure that personal data is kept secure. These five organisations recognise the seriousness of these data losses and have agreed to take immediate remedial action.”

Failure to meet the terms of an Undertaking is likely to lead to enforcement action by the ICO. A copy of the Undertakings can be downloaded from
http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx

Source: ICO Press Release

Related posts:

  • UK: ICO issues stark reminder to NHS bodies on patient records
  • NHS puts over 20,000 records at risk
  • Data breaches put domestic abuse victims’ lives at risk, UK Information Commissioner warns
  • UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost
Category: ExposureHealth DataLost or MissingNon-U.S.PaperTheft

Post navigation

← NHS puts over 20,000 records at risk
Leander ISD security breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.