DataBreaches.Net

UK: Patients' details lost on train by Hertfordshire doctor (updated)

Posted on September 20, 2010 by Dissent

East and North Hertfordshire NHS Trust has been found in breach of data protection after a doctor lost a memory stick on a train.

The junior doctor had recorded details of patients’ conditions and medication on the device and was meant to hand it over to the next doctor on shift.

But the doctor forgot and lost the unencrypted device on the way home.

Read more on BBC.

There’s no statement on the ICO’s web site or on the trust’s web site at the time of this posting.

Update: The ICO has now posted their release on the matter:

The Information Commissioner’s Office (ICO) has found East & North Hertfordshire NHS Trust to be in breach of the Data Protection Act after an unencrypted USB stick containing sensitive personal data was lost on a train journey home.

The USB stick was used by a junior doctor to record brief details of patients’ conditions and medication before being handed to the next doctor on shift. In this incident the doctor had accidentally taken the USB stick home intending to forward the data electronically, but lost the unprotected device on a train. It has not yet been recovered. The doctor informed the Trust immediately after discovering the loss and a full investigation was conducted. Enquiries by the ICO revealed that the junior doctor had not been aware of the Trust’s data protection policies and did not have access to email to receive policy reminders and updates.

It was also discovered that the Trust’s policies on the use of personal USB sticks were not clear and no technical measures were in place to prevent misuse of portable devices.

Nick Carver, Chief Executive of East & North Hertfordshire NHS Trust, has signed an Undertaking agreeing to take a series of steps to ensure that the Trust’s policy on the use of portable devices is clear and communicated to all staff. The Trust has also agreed to provide training for all staff who have access to personal information. The Undertaking also requires the Trust to regularly monitor for compliance with security procedures and to implement appropriate safeguards to prevent a similar breach in the future.

Mick Gorrill, Head of Enforcement at the ICO, said: “Storing sensitive personal data on unencrypted data sticks is a risk Trusts should not be willing to take. If it is vital to store information for handover, this must be done with the highest security measures in place. Furthermore, it is vital that employees are fully aware of processes which could have prevented this incident from occurring. I am pleased that the Trust has agreed to take practical and effective steps to ensure such an incident does not occur again.”

A full copy of the Undertaking can be viewed here:
http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx

Category: Health Data
