A senior hospital manager has been suspended after a laptop computer containing the unencrypted records of over 20,000 patients was stolen from his car whilst he was on holiday.
The machine was stolen on 18 June from a car belonging to a manager from Colchester University Hospital NHS Foundation Trust. The car had been parked in Edinburgh, Scotland, where he was holidaying.
Details on the laptop included patient names, postcodes and treatment plans. The trust has now sent letters to all the patients affected apologising for the incident and any distress it may cause.
In a statement trust chief executive, Peter Murphy, said: “The trust offers all affected patients its sincere apologies for putting their confidential information at risk. The computer was password-protected and only authorised staff with the correct password could access the data. But as the data was not encrypted there is a very small chance that patient details can be accessed.”
Murphy admitted that the laptop was likely to be sold on by the thieves responsible, but was confident that the data would be wiped beforehand.
“We believe the data will almost certainly be wiped by the thief for a quick sale. Nonetheless, we owe it to our patients to protect their personal information and we have reminded our staff not to store this kind of data on laptops in the future,” he said in the statement.
A police inquiry is underway and the trust have also launched an investigation into the theft. The Information Commissioner will also launch an investigation into the data breach.
The incident follows the recent theft of six laptops stolen from St George’s hospital in London contained details of about 20,000 patients. In another recent incident, a laptop holding 11,000 patient records was stolen from a doctor in Wolverhampton.
A disc containing information relating to almost 1,000 emergency call outs by the Scottish Ambulance Service, including the names and addresses of patients, also went missing last month while the courier company TNT was transporting it from the ambulance service’s emergency medical dispatch centre in Paisley.
In May, NHS Connecting for Health selected security software specialist McAfee to provide solutions for endpoint desktop encryption and port control, to protect confidential data on NHS computers and mobile devices, however the Department of Health has said it will take at least six months for each trust to complete the rollout of encryption.