To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/research/specialreports/fulldisclosure/0,3800014102,39253496,00.htm

Probe into loss of 21,000 hospital patient details
Stolen laptop was unencrypted

By Nick Heath

Published: Monday 30 June 2008

A hospital trust has lost an unencrypted laptop containing details of thousands of patients.

The Information Commissioner's Office (ICO) will investigate whether Colchester University Hospital NHS Foundation Trust breached the Data Protection Act when it failed to encrypt 21,000 patient details.

Full Disclosure campaign

silicon.com is aiming to make businesses and government take data security more seriously. Read more here.

The laptop - containing patient names, dates of birth, postcodes and treatment details - was stolen from the car of a Colchester trust manager.

The manager has been suspended following the theft on 18 June and trust CEO Peter Murphy admitted the laptop should have been encrypted.

The Department of Health recently revealed it would take at least six months for trusts to complete encryption of all machines, from when work began in most trusts in March.

The Colchester hospital trust refused to confirm how much other patient data it held was unencrypted, citing "security reasons".

Despite this Murphy said in a letter that patients should be reassured that "the trust takes security and patient confidentiality very seriously".

Murphy told patients in a letter: "The trust offers all affected patients its sincere apologies for putting their confidential information at risk."

But he goes on to say there is a "very small chance that patient details can be accessed" and that the trust believes "the data will almost certainly by wiped by the thief".

The ICO took enforcement action against Marks and Spencer in January for breaching the data protection act by failing to encrypt staff information on a stolen laptop.