In another staggering feat of incompetence, the NHS has managed to lose 20,000 private medical records of London patients.
The records were being stored on six laptops locked in a cupboard at St George’s Hospital in Tooting. A thief forced the cabinet open and made off with the laptops containing medical notes, dates of birth, addresses and postcodes.
Initially an NHS spokesperson was reported as saying that the data was encrypted. It soon turned out that it was not. The data is supposedly “password protected” but this usually means a trivial password system such as those found on an Access database or the machines BIOS, easily bypassed by anyone reasonably skilled in the art.
The most stupid statement to come from the NHS on the matter is probably the statement:
“We believe the data will almost certainly be wiped by the thief so he can get a quick sale.”
Not now that you’ve said that, it won’t. The thief is probably now fencing the data to the highest bidder. 20,000 prime NHS patient’s records possibly suitable for identity theft or even blackmail. Brilliant.
Surely it’s even possible that these machines were stolen to order with the specific intent of taking data? Quite honestly, ever criminal in the land must have realised by now that you can take any NHS or government official’s computer and have a reasonable chance of finding unencrypted confidential data on it. It wouldn’t surprise me if ‘phishing’ becomes sidelined!
The NHS has apologised for the data loss but I don’t suppose they will be compensating any patients which have their identity stolen or used information used against them.
Tags: data loss, identity fraud, incompetence, laptops, nhs, theft, uk
Entries (RSS)
[...] not on the scale of some of the previous gargantuan NHS data loss cockups, an NHS Lothian worker has none the less done their best to [...]