NHS trust loses 800 patients' data

An unencrypted memory stick goes missing at East Surrey Hospital as another NHS data loss hits.

NHS

East Surrey Hospital lost medical data of 800 patients in late 2010, marking another low point in the life of NHS information security.

The Surrey and Sussex Healthcare NHS Trust, which runs the hospital, admitted the data went missing on an unencrypted memory stick in September 2010, the Crawley Observer reported.

The affected patients were never informed of the data loss. Lost data included operation details, names and dates of birth.

"All staff should always use encrypted memory sticks when transferring patient data," said chief executive of the NHS trust Michael Wilson.

"It is regrettable that this didn't happen on this occasion and the member of staff has been taken through the trust's disciplinary procedures and has received further training."

The details of the loss emerged in an annual 2010/11 report, which also showed there were another nine "near misses" where data went missing but was then found.

All staff should always use encrypted memory sticks when transferring patient data.

The Information Commissioner's Office (ICO) said the loss had been reported to the watchdog in late 2010.

"After investigating the breach the ICO warned the organisation that their policy covering the storage and use of personal data must be followed by staff and the trust must make sure that their staff are aware of their policy for the storage and use of personal data and are appropriately trained on how to follow it," the ICO said.

"The trust was also warned that any repetition of such an incident may result in formal regulatory action."

This is not the first time the Surrey and Sussex Healthcare NHS Trust has been caught out, however. In 2009, it emerged the body had two unencrypted laptops stolen, whilst an employee also left a sheet containing data on 23 patients on a bus.

The NHS has been hit by a plethora of data losses over the past few years. Last month, two trusts were found to have lost a tonne of patient data.

In the case of Eastern and Coastal Kent Primary Trust, 1.6 million individuals' data went missing after a CD containing the information was sent to a landfill site inside a filing cabinet, during a move of office premises.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Putin open to handing cyber criminals over to US
hacking

Putin open to handing cyber criminals over to US

14 Jun 2021
Futurex‌ ‌and Google enable‌ ‌client-side‌ ‌Google‌ ‌Workspace encryption‌
Google Docs

Futurex‌ ‌and Google enable‌ ‌client-side‌ ‌Google‌ ‌Workspace encryption‌

14 Jun 2021
The complete guide to building a security awareness programme that works
Whitepaper

The complete guide to building a security awareness programme that works

14 Jun 2021
2021 state of the phish
Whitepaper

2021 state of the phish

14 Jun 2021

Most Popular

Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
Fastly blames software bug for major outage
public cloud

Fastly blames software bug for major outage

9 Jun 2021
GitHub to prohibit code that’s used in active attacks
cyber security

GitHub to prohibit code that’s used in active attacks

7 Jun 2021