Blogscan: UK unencrypted laptop health breach affects more than 8.6 million records

From the blog "Australian Health Information Technology":

Who Needs Hackers When There Are Accidents Like This? The PCEHR [Personally Controlled Electronic Health Record - ed.] Won’t Avoid Hacker Attention I Suspect.

The following popped up a little while ago.

By Dom Nicastro

Think the United States has its problems with securing patient health information?

We’re not alone.

London Health Programmes, a medical research organization based at the NHS North Central London health authority, has reported missing an unencrypted laptop containing information of 8.63 million patients and 18 million hospital visits, operations and procedures, according to today’s issue of The Sun.

The data does not include names, “but patients could be identified from postcodes and details such as gender, age and ethnic origin,” according to the newspaper. Information on the laptop included records of cancer, HIV, mental illness and abortions.

The computer was one of 20 lost, and officials have since recovered eight. The research organization “only just” reported the missing laptops to police although they went missing three weeks ago, according to the newspaper.

The Information Commissioner’s Office, Great Britain’s independent authority that promotes data privacy for individuals, has issued a statement regarding the laptop theft:

“Any allegation that sensitive personal information has been compromised is concerning and we will now make inquiries to establish the full facts of this alleged data breach.”

More here with a gruesome list of UK breaches.

Clearly this sort of incident is made more significant when material like this is appearing regularly.

We've posted numerous times at Healthcare Renewal on the impossible dream of electronic medical record privacy, security and confidentiality. See blog query links here and here.

-- SS