NHS loses laptop holding 8m patient records

Stewart Mitchell Read more June 15, 2011

The NHS has admitted losing a laptop packed with up to 8.6 million medical records in a large-scale data breach that went unreported for three weeks.

NHS loses laptop holding 8m patient records

The breach stems from the loss of “a number of laptops” from a North London storeroom and is being investigated by the Information Commissioner’s Office.

“NHS North Central London is investigating the loss of a number of laptops,” the health authority said. “One of the machines was used for analysing health needs, requiring access to elements of unnamed patient data.”

One of the machines was used for analysing health needs, requiring access to elements of unnamed patient data

The authority has given few details of the case, but a report in The Sun claims 20 laptops went missing and only eight have since been retrieved. Police were “dismayed” that the health authority had taken so long to report the issue.

A spokesperson for the NHS told PC Pro that it couldn’t comment on what was on the remaining missing laptops because the investigation was ongoing.

The NHS stressed that patients were unnamed in the records, but with details including postcodes and gender, and information relating to cases including HIV, cancer and abortion, there are fears that individuals could be identified if security measures on the laptops were bypassed.

“All the laptops were password protected and our policy is to manually delete the data from laptops after the records have been processed,” the NHS statement said.

The ICO confirmed it was investigating the issue. “Any allegation that sensitive personal information has been compromised is concerning and we will now make enquiries to establish the full facts of this alleged data breach,” the watchdog said.