This week, the police have been informed of yet another data breach involving personal health information.
The most recent in a catalogue of data breaches reveals that 20 laptops went missing from NHS North Central London's health authority store room three weeks ago. Regrettably, one of the 20 laptops was holding the health details of 8.63 million people, together with records of 18 million hospital appointments and procedures carried out.
Despite a number of recent data leaks by various NHS authorities and public bodies, this week's admission by NHS North Central London is evidence of a continuing, and concerning, lack of stringent security measures and procedures for the protection of our most sensitive personal information.
Whilst the health authority's laptop did not hold data detailing the names of patients, it did hold details of postcodes, age, gender, ethnic origin and mental health. It would therefore not be difficult for the person in possession of this laptop to work out to whom the data relates.
A search is currently being carried out for 12 out of the 20 laptops that are still missing and it still remains unclear whether the missing data is the result of a theft from within the store room, or a mishandling of the laptop either within NHS North Central London's buildings, or externally. However, the problem with a data breach is that once the information is out of the hands of authorised personnel, the damage has been done.
The matter is now being investigated by the Information Commissioner's Office and today an ICO spokesperson said: “Any allegation that sensitive personal information has been compromised is concerning and we will now make enquiries to establish the full facts of this alleged data breach.”
Following the recent decision by the ICO discussed in our last e-update in which the ICO issued a fine of £120,000 for the mishandling of data by Surrey County Council, it will be interesting to see how the ICO deal with this most recent data breach and how its fine will reflect the severity of millions of people being at risk as a result of the breach.