People may trust the NHS with their health, but they should seriously reconsider its ability to safeguard their personal data, after yet another embarrassing data breach.
It has emerged that Surrey and Sussex Healthcare NHS Trust, which runs East Surrey Hospital, lost the confidential records of 800 patients on an unencrypted memory stick.
The data breach happened way back in September 2010, and according to the Crawley Observer, the lost details included patient names, operation details, and dates of birth. The lost memory stick was never recovered.
The NHS has a long track record of losing people’s confidential data, but what makes matters worse in this particular case is that the 800 affected people were never informed their details had been misplaced.
Meanwhile the ICO told eWEEK Europe that the case was reported to it soon after the data loss incident, but the case only came to the public’s attention when it was mentioned in the annual 2010/11 report from the Surrey and Sussex Healthcare NHS Trust.
“After investigating the breach the ICO warned the organisation that their policy covering the storage and use of personal data must be followed by staff and the Trust must make sure that their staff are aware of their policy for the storage and use of personal data and are appropriately trained on how to follow it,” said the ICO spokesperson.
“The Trust was also warned that any repetition of such an incident may result in formal regulatory action,” the ICO said.
While the NHS may be good at safeguarding people’s health, it has a truly shocking reputation for protecting people’s confidential data.
In early September the University Hospital of South Manchester NHS Foundation Trust was ruled to have breached the Data Protection Act (DPA) by losing sensitive personal information relating to the treatment of 87 patients. A medical student lost the data after copying it onto a personal, unencrypted memory stick for research purposes.
But the list of other NHS data breaches does not stop there.
In July researchers for London Health Programmes revealed that they had lost unencrypted records of 8.63 million NHS patients. And last October Healthcare Locums Plc breached the Data Protection Act when it lost a hard disc drive (HDD) that contained personal data of the doctors it employed, such as their security clearances and visa information.
In May 2010 an NHS worker in the secure mental health unit of a Scottish hospital was suspended after losing a USB stick containing patients’ medical records.
The ICO has previously published a list of the 1,000 most serious data breaches reported since 2007.
It found that the NHS was responsible for 305 of the 1,007 reported breaches, almost a third of all recorded data breaches in the UK for the last three years.
In an effort to help the NHS deal with data loss, the ICO produced guidance for health organisations explaining their obligations to keep the personal information they handle secure, as well as giving advice on the security measures that must be in place.
It also carried out a number of audits with health organisations to help them identify ways in which they can improve their handling of personal information.