On TechRepublic: Why Android beats iPhone
BNET Business Network:
BNET
TechRepublic
ZDNet

June 19th, 2008

Lame NHS loses 31,000 patient records

Posted by Michael Krigsman @ 7:13 pm

Categories: CIO issues, IT issues, Politics, Security and privacy

Tags: Patient, Laptop Computer, Lame NHS, National Health Service, Notebooks, Hardware, Notebooks & Tablets, Michael Krigsman

 Lame NHS loses 31,000 patient records

Setting an example for irresponsibility while violating internal Department of Health policies, the UK National Health Service (NHS) has lost unencrypted data on 31,000 patients. The data was lost when thieves stole several NHS laptops.

Computerworld UK reports:

A laptop containing 11,000 patient records was stolen from a GP’s home in Wolverhampton. And St George’s Hospital in London has admitted that six laptops were stolen from its filing cabinets at the start of the month, containing the records of 20,000 patients.

The NHS has a history of losing unencrypted data.

In a rather poor showing of remorse, the NHS explained:

The trust apologised for losing the laptops, and added that it was its policy for laptops not to contain patient data.

“This was done as a temporary measure because of a problem with the computer network. However, the laptops were in a secure area under lock and key,” it said in a statement. “The data was being used to monitor and reduce waiting times at the hospital.”

THE PROJECT FAILURES ANALYSIS

Personal data loss has become an enormous public issue affecting millions of citizens. Until relevant organizational leadership experiences the personal pain of fines and jail sentences, society will continue to face this problem.

I wrote the following when the Bank of New York lost 4.5 million unencrypted customer records:

Strong legislation and strict penalties, including the threat of jail time, is the only way to solve this common problem. If HSBC, the UK’s largest bank, is willing to send out unencrypted data, then this is truly a massive issue. Industry self-policing has not worked and it’s time the government enacted preventive regulation.

Those sentiments remain true today. It’s time for the government to mandate encryption of personally-identifiable data held by both public and private entities.

Michael KrigsmanMichael Krigsman is CEO of Asuret, Inc., a software and consulting company dedicated to reducing software implementation failures. Click here to discuss this post with him on Twitter. See his full profile and disclosure of his industry affiliations.

Email Michael Krigsman

Subscribe to IT Project Failures via Email alerts or RSS.

  • Talkback
  • Most Recent of 4 Talkback(s)
Victim Compensation
I agree there should be compensation to the victim. It should be high enough (per individual) to redress potential damage to identity and inconvenience of having to strictly monitor their credit repor... (Read the rest)
Posted by: elizab Posted on: 06/20/08 You are currently: a Guest | | Terms of Use
Safer in a "cloud"  fr0thy2 | 06/19/08
RE: Lame NHS loses 31,000 patient records  bill.andersen@... | 06/20/08
Really good point  mkrigsman@...ZDNet Moderator | 06/20/08
Victim Compensation  elizab | 06/20/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement
Click Here

Recent Entries

advertisement

Archives

ZDNet Blogs

White Papers, Webcasts, and Downloads