The loss of laptops containing the details of more than
30,000 NHS patients has highlighted the need for higher levels of
data protection through encryption, according security consultancy
NCC Group.
Six laptops stolen from a south London hospital contained
details of about 20,000 patients. In another incident, a laptop
holding 11,000 patient records was stolen from a doctor in
Wolverhampton.
Department of Health regulations require confidential patient
information stored on laptops to be encrypted, but the stolen
laptops in both cases were protected only by passwords.
Ken Munro, director of penetration and security testing at NCC
Group, said encryption was necessary because password protection
was easily broken.
All patients involved were notified that the lost information
included names, addresses, medical notes, dates of birth and
medical histories.
In south London, the computers were stolen from a locked cabinet
at St George's Hospital in Tooting, and in Wolverhampton the laptop
was stolen in a burglary at a doctor's home.
Jon Crockett, chief executive, Wolverhampton City Primary Care
Trust, said, "All GP practices in the city have been reminded of
their responsibility for the safety and security of data held by
their practices."