Lothian NHS worker loses USB containing patient data

A health worker at NHS Lothian has admitted losing a USB memory stick containing personal information of 137 patients.

The incident comes just weeks after the thefts of six laptops containing personal details of 20,000 patients from a south London hospital and a laptop holding 11,000 patient records from a doctor in Wolverhampton.

NHS primary care trusts (PCTs) have blamed Connecting for Health, the government body responsible for running the NHS's National Programme for IT, after missing a government deadline to secure data on mobile devices.

The Lothian Trust said in a statement that storing information on such devices is in breach of "clear and widely communicated" NHS regulations.

The police were notified of the loss, but the trust said there was no evidence the data stick was stolen or any information disclosed.

Peter Gabbitas, health and social care director at NHS Lothian said the trust had taken immediate action to identify and inform all the patients whose information was lost.

Ken Munro, director of penetration testing division of NCC Group said using memory sticks with an encryption key would solve this common problem.

"Memory sticks with built-in encryption are a little more expensive, but they are easy to use and provide instant security for data that is routinely moved around," he said.

Munro said companies could enforce the use of encrypted memory sticks through management software to control what devices can be connected to the network.