NHS in more data security blunders


Another two major NHS security snafus were revealed this week, with two trusts caught out losing a tonne of patient data.

In the case of Eastern and Coastal Kent Primary Trust, 1.6 million individuals' data went missing, including addresses, dates of birth, NHS numbers and GP practice codes.

The information was held on a CD, which was sent to a landfill site inside a filing cabinet, during a move of office premises.

To lose 1.6 million patients' details in such a way still strays beyond carelessness.

Attempts were made to retrieve the CD, but by that point it was too late.

The Information Commissioner's Office (ICO) discovered the Trust's employees involved in the move were not up to speed on data governance training.

The ICO said it had found no evidence the data had been compromised or used for malicious intent.

"While there is no evidence to suggest that any of the data was accessed, this case highlights that clear policies and procedures should be put in place to support staff when handling personal information as part of an office move. These policies should be communicated to all relevant staff," a spokesperson said.

"We are pleased that Eastern and Coastal Primary Care Trust has now taken action to make sure that the personal information they handle is kept secure."

ICO's comments may not appease those shocked by the amount of data lost.

"To lose 1.6 million patients' details in such a way still strays beyond carelessness and firmly into negligence," said Chris McIntosh, chief executive (CO) of network security company ViaSat UK.

"Whether the CD is lost forever or ends up in the right or wrong hands may still be unknown, but the stark fact is that the personal details of over 2.5 per cent of the UK's population have been lost and could possibly end up used for identity theft."

Meanwhile, Royal Liverpool and Broadgreen University Hospitals NHS Trust lost data of 49 patients in two separate incidents earlier this year, it emerged yesterday.

In one case, a member of the public returned a document containing names and clinical data. Five months later a medical bag containing data of 27 patients was stolen from a member of staff's car.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.