Thousands of NHS computer ‘smartcards’ used to give access to confidential patient records have gone missing.
Connecting for Health, the DH agency in charge of the NHS IT programme, said 4,147 were unaccounted for – but stressed they were useless without matching six digit PIN numbers.
Among 221 NHS bodies replying to FOI requests from GP magzine Pulse, 2,887 cards were reported missing, including 1,400 last year alone.
The magazine suggested that if figures were extrapolated across the English NHS the total number of lost cards could be as high as 6,000.
Smartcards have been issued to 429,691 NHS staff as of January 1, 2008, with the number of users eventually expected to top 1.2m.
CfH has confirmed that just under 1%, 4,147, have been reported missing. Some 1,240 of these were reported in the past year.
Connecting for Health said that multiple reports of the same card loss might account for the difference. One trust in ten said that it had no idea how many cards had been lost or stolen.
A Connecting for Health Spokesman said: "There is no evidence that any security breaches have ever arisen from lost or stolen cards."
Paul Malcolm, general manager of health security specialists Sentillion, told EHI the two-factor authentication of Smartcards is designed to be robust enough to withstand losses: “Only someone bearing the right physical element (the smartcard) and mental element (the personal identification number) can access the system. Either of these authentication factors is useless without the other corresponding factor."
Speaking to the BBC, Cambridge University IT security expert, Professor Ross Anderson, said it was unrealistic to believe that such a large network would remain entirely secure. "You can’t expect stuff to remain confidential if a few hundred thousand people have access.”