In yet another NHS data breach, a laptop containing the personal information of thousands of patients has been stolen from the car of a Colchester University Hospital manager.
The laptop, stolen on 18 June in Scotland, contains the names, dates of birth, postcodes, and medical treatment plans of patients. Letters were sent to about 21,000 affected patients over the weekend, saying that the computer was password protected and the data would most likely be wiped by the thief in order to sell the laptop.
However, the information on the laptop was not encrypted, so there is a chance the information could be accessed.
Chief executive Peter Murphy said in a statement that the Trust acknowledged patient data should not be stored on an unencrypted laptop, and he said he had previously written to staff that had laptops reminding them of this security measure.
Murphy said that "patients and the public should be reassured that the Trust takes security and patient confidentiality very seriously." He also said that a police investigation has been launched, and that the manager involved in the theft has been suspended.
However, this event in a long chain of recent breaches may make people wary of handing out their private data to the government, one industry commentator warned.
"In a statement designed presumably to reassure affected patients, the Trust said that it believed the data would almost certainly' be wiped by the laptop thief. However, this will be of little comfort to those people whose personal details have been exposed by an organisation they had trusted to keep them safe," argued Jamie Cowper, director of marketing EMEA at PGP Corporation , a data protection company.
"The public sector has to take its data handling responsibilities seriously, because if these types of incidents keep occurring, there's a real possibility that members of the public will begin to refuse to supply sensitive information to government organisations without rigorous and costly assurances," Cowper said.
Last week, a report was released stating that civil servants would be getting data breach training, a measure long overdue after continuous public sector data breaches.
This month alone, 900,000 data records were lost by a courier for the Scottish Ambulance Service, a police laptop was stolen from the car of an Avon and Somerset force driver, six laptops were taken from St George's hospital in South London, and a PC containing both government and constituency data was stolen from the office of Hazel Blears.
