Health bosses in Wales have written to 950 patients whose details were on a laptop computer stolen from St Julien’s GP surgery in Newport last month.
Cardiff and Vale NHS Trust said the laptop contained patient retinopathy images together with the details of the patients’ names, addresses, dates of birth and phone numbers.
The data was part of a screening problem for diabetic people with eye problems run by the Diabetic Retinopathy Screening Service (DRSS), which screens patients across Wales
The trust says that it is possible further patient records were held on laptop stolen on 5 November. In a statement issued last week, Cardiff and Vale’s chief executive, Hugh Ross, said: "I know that 950 patients have definitely been affected by this incident and I am writing to each of them individually to notify them and offer my apologies.”
Ross added: “It is possible that further patient records, which were due to be deleted, may still be stored on the computer. The trust has no way of knowing if this is the case unless the laptop can be recovered."
The trust chief executive said the incident had been reported to the police and the DRSS. When the DRSS holds clinics in various locations in the community, including GP surgeries, staff record patient information onto laptops, later uploaded to a central database.
The trust has also ordered an investigation into data and computer security measures, and says rigorous security measures are in place.
In its statement the trust said: “All trust computers are password-protected to an approved NHS standard to ensure that only NHS staff can access the system. In addition, there are a further two levels of security on this laptop before patient information can be accessed."