Feeds

8m health records go walkabout

Unencrypted, password-free blackmailer's starter kit

Secure remote control for conventional and virtual desktops

A London health authority has admitted losing a laptop which contains 8.6 million health records.

The machine was lost three weeks ago, but has only just been reported missing to police and the Information Commissioner's Office.

We've asked North Central London health board why it needed to store 8.63 million health records on an unsecure laptop in the first place.

They sent us the following: "NHS North Central London is investigating the loss of a number of laptops. One of the machines was used for analysing health needs requiring access to elements of unnamed patient data. All the laptops were password protected and our policy is to manually delete the data from laptops after the records have been processed. NHS North Central London operates under strict data protection guidance and is taking the matter extremely seriously. We have started an investigation into the issues raised by the loss. We are liaising with the office of the Information Commissioner."

The machine was one of 20 lost from a storeroom at London Health Programmes - a research body based at NHS North Central London, the Sun reports. Eight of the 20 have been recovered, but the authority is still looking for the other 12.

The records contain no names but do include other identifying information like age, gender, postcode, medical history, hospital visits, HIV status and mental illnesses.

An ICO spokesperson said: “Any allegation that sensitive personal information has been compromised is concerning and we will now make enquiries to establish the full facts of this alleged data breach.”

A Department of Health spokesman later sent us this statement:

"All NHS organisations are legally required to comply with Data Protection legislation and are expected to take data loss extremely seriously, be open about incidents and about the action taken as a result.

"We have set clear standards for NHS organisations to adhere to on data handling, and have issued guidance that sets out the steps they must take to ensure records are kept secure and confidential.

"Local NHS organisations are responsible for implementing these data handling processes, including which staff need to have access to health records, and for compliance with Information Governance standards." ®

Internet Security Threat Report 2014

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Special pleading against mass surveillance won't help anyone
Protecting journalists alone won't protect their sources
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Vodafone to buy 140 Phones 4u stores from stricken retailer
887 jobs 'preserved' in the process, says administrator PwC
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.