NHS Manager Is Suspended After Losing Computer
By News Scotland

A senior hospital manager has been suspended after a laptop containing the unencrypted personal data of more than 20,000 patients was stolen, a health trust admitted yesterday.

The computer, which held the names, dates of birth, postcodes and medical information of thousands of patients, was stolen from the NHS staff member’s car during a holiday in Edinburgh nearly two weeks ago.

All the individuals affected by the theft have been contacted, Colchester Hospital University NHS Foundation Trust said.

A spokesman for the trust, based in Essex, said that police had been notified immediately after the theft and that an internal investigation was also under way.

Leaving unprotected personal information on laptop computers is against NHS guidelines.

A spokesman for the Department of Health said: “This is very much not something you want to be doing, and policy to this effect was made clear to NHS bodies at the start of this year.”

The senior manager at fault, who has not been named, faces disciplinary action for failing to ensure the data’s safety after leaving it on an unattended laptop in a parked car while on holiday in Edinburgh.

The laptop was stolen after one of the vehicle’s windows was smashed.

Peter Murphy, chief executive of the hospital trust, sent a letter of apology to patients for compromising their private information and putting them at risk.

He said: “The computer was password-protected and only authorised staff with the correct password could access the data.

“But as the data was not encrypted there is a very small chance that patient details can be accessed.

“We believe the data will almost certainly be wiped by the thief for a quick sale. Nonetheless, we owe it to our patients to protect their personal information and we have reminded our staff not to store this kind of data on laptops in the future.

“Patients and the public should be reassured that the trust takes security and patient confidentiality very seriously.

“We are holding an investigation into how this incident occurred and its consequences, and have suspended the member of staff involved until the investigation concludes,” he added.

Lothian and Borders Police confirmed that an investigation was under way, but said that no arrests had so far been made in relation to the theft, which occurred on June 18.

The laptop theft follows a series of high-profile security breaches affecting the NHS and other public bodies.

The personal details of tens of thousands of patients were contained on a number of laptops stolen from a London hospital, it was reported earlier this month.

In January, the safety of 63,000 military personnel was compromised by the theft of a Ministry of Defence laptop, one of more than 500 lost by the MoD since 1998.

Bank customers’ details and information about serving policemen and women has also been lost on stolen computer equipment within the past year.

If information of this kind is not encrypted within the computer’s memory, it is relatively easy for criminals to obtain it, even if it is protected by a password system.