Colchester Hospital sacks manager over lost laptop

Holiday car break-in leads to dismissal

By John Leyden • Get more from this author

Posted in Enterprise Security, 12th August 2008 12:27 GMT

Free whitepaper – Vulnerability management buyer's checklist

Colchester University Hospital has sacked one of its managers over the theft of his work laptop, which contained unencrypted patient records.

The PC - which was stolen (pdf) from the unnamed manager's car in June - contained copies of the personal details and treatment plans of several thousand patients. Thieves took the machine after breaking into the car, which was parked in Edinburgh at the time, where the unnamed manager was holidaying.

The computer was password-protected but the data was not encrypted.

Colchester Hospital University NHS Foundation Trust said (pdf) that the manager involved was dismissed following a disciplinary panel last Friday. "The unanimous decision of the disciplinary panel sends out a clear statement about how seriously the Trust takes security and patient confidentiality. I again apologise for the distress the theft of this laptop may have caused," said Peter Murphy, chief executive of Colchester Hospital University NHS Foundation Trust.

Data loss cock-ups are all too common and rarely result in anyone been shown the door.

Jamie Cowper, director of marketing at PGP, said that responsibility for implementing adequate security policies ultimately rests at board level.

"Technologies such as encryption should be implemented and managed on an enterprise-wide basis, not left up to the individual. Unless there is evidence of grievous misconduct, the responsibility for data security should lie with the organisation as a whole – and that means that in cases such as this, punishment should be top-down rather than bottom-up." ®

Free whitepaper – The starter PKI program