A health worker at NHS Lothian has admitted losing a USB memory
stick containing personal information of 137 patients.
The incident comes just weeks after the thefts of
six laptops containing personal details of 20,000 patients from
a south London hospital and a
laptop holding 11,000 patient records from a doctor in
Wolverhampton.
NHS primary care trusts (PCTs) have blamed Connecting for
Health, the government body responsible for running the NHS's
National Programme for IT, after missing a government deadline to
secure data on mobile devices.
The Lothian Trust said in a statement that storing information
on such devices is in breach of "clear and widely communicated" NHS
regulations.
The police were notified of the loss, but the trust said there
was no evidence the data stick was stolen or any information
disclosed.
Peter Gabbitas, health and social care director at NHS Lothian
said the trust had taken immediate action to identify and inform
all the patients whose information was lost.
Ken Munro, director of penetration testing division of NCC Group
said using memory sticks with an encryption key would solve this
common problem.
"Memory sticks with built-in encryption are a little more
expensive, but they are easy to use and provide instant security
for data that is routinely moved around," he said.
Munro said companies could enforce the use of encrypted memory
sticks through management software to control what devices can be
connected to the network.