Six laptops, containing personal information about 20,000 NHS patients, have been stolen from St George’s Hospital in Tooting, London. According to security firm Sophos, “inadequate security policies” left the data vulnerable.
The sensitive information was being stored on the laptops on a temporary basis because of computer network problems at the hospital.
Carole Theriault, senior security consultant at Sophos, said that sensitive patient data should never be stored on portable computers.
“This should serve as a reminder of the damage that is done by poor attention to IT security policy,” she said.
“Organisations that are given the responsibility to store confidential personal details should invest in systems that make sure that this kind of information cannot be transferred to devices that may be compromised.”
St George’s Healthcare NHS Trust has said that information such as postcodes was password protected, but patients’ names and hospital numbers were shown on the records.
“Although on this occasion it appears that the damage may be limited, this will be of little consolation to the patients whose records have been stolen,” Theriault added.
“Sensitive data should be encrypted, or better yet, simply not stored on portable devices like laptops and BlackBerrys.”