Feeds

8m health records go walkabout

Unencrypted, password-free blackmailer's starter kit

Secure remote control for conventional and virtual desktops

A London health authority has admitted losing a laptop which contains 8.6 million health records.

The machine was lost three weeks ago, but has only just been reported missing to police and the Information Commissioner's Office.

We've asked North Central London health board why it needed to store 8.63 million health records on an unsecure laptop in the first place.

They sent us the following: "NHS North Central London is investigating the loss of a number of laptops. One of the machines was used for analysing health needs requiring access to elements of unnamed patient data. All the laptops were password protected and our policy is to manually delete the data from laptops after the records have been processed. NHS North Central London operates under strict data protection guidance and is taking the matter extremely seriously. We have started an investigation into the issues raised by the loss. We are liaising with the office of the Information Commissioner."

The machine was one of 20 lost from a storeroom at London Health Programmes - a research body based at NHS North Central London, the Sun reports. Eight of the 20 have been recovered, but the authority is still looking for the other 12.

The records contain no names but do include other identifying information like age, gender, postcode, medical history, hospital visits, HIV status and mental illnesses.

An ICO spokesperson said: “Any allegation that sensitive personal information has been compromised is concerning and we will now make enquiries to establish the full facts of this alleged data breach.”

A Department of Health spokesman later sent us this statement:

"All NHS organisations are legally required to comply with Data Protection legislation and are expected to take data loss extremely seriously, be open about incidents and about the action taken as a result.

"We have set clear standards for NHS organisations to adhere to on data handling, and have issued guidance that sets out the steps they must take to ensure records are kept secure and confidential.

"Local NHS organisations are responsible for implementing these data handling processes, including which staff need to have access to health records, and for compliance with Information Governance standards." ®

The essential guide to IT transformation

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.