NHS trust loses 800 patients' data


East Surrey Hospital lost medical data of 800 patients in late 2010, marking another low point in the life of NHS information security.

The Surrey and Sussex Healthcare NHS Trust, which runs the hospital, admitted the data went missing on an unencrypted memory stick in September 2010, the Crawley Observer reported.

The affected patients were never informed of the data loss. Lost data included operation details, names and dates of birth.

"All staff should always use encrypted memory sticks when transferring patient data," said chief executive of the NHS trust Michael Wilson.

"It is regrettable that this didn't happen on this occasion and the member of staff has been taken through the trust's disciplinary procedures and has received further training."

The details of the loss emerged in an annual 2010/11 report, which also showed there were another nine "near misses" where data went missing but was then found.

All staff should always use encrypted memory sticks when transferring patient data.

The Information Commissioner's Office (ICO) said the loss had been reported to the watchdog in late 2010.

"After investigating the breach the ICO warned the organisation that their policy covering the storage and use of personal data must be followed by staff and the trust must make sure that their staff are aware of their policy for the storage and use of personal data and are appropriately trained on how to follow it," the ICO said.

"The trust was also warned that any repetition of such an incident may result in formal regulatory action."

This is not the first time the Surrey and Sussex Healthcare NHS Trust has been caught out, however. In 2009, it emerged the body had two unencrypted laptops stolen, whilst an employee also left a sheet containing data on 23 patients on a bus.

The NHS has been hit by a plethora of data losses over the past few years. Last month, two trusts were found to have lost a tonne of patient data.

In the case of Eastern and Coastal Kent Primary Trust, 1.6 million individuals' data went missing after a CD containing the information was sent to a landfill site inside a filing cabinet, during a move of office premises.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.