Children's Hospital LosesSensitive Data

Birmingham's Children's Hospital has received a warning from the Information Commissioner's Office (ICO) after breaching the Data Protection Act.

The breach occurred when two laptops containing sensitive information on 17 patients were stolen from the Respiratory Medicine department. Details stored on the machines were thought to include patient diagnoses, video recordings and data on the health of individuals being treated at the hospital.

The severity of the incident is enhanced given the laptops taken were not unencrypted and had no other exposure prevention solutions installed.

The ICO has made the department sign an undertaking to change. It will now incorporate encryption technologies across all computers in the department and improve training for staff members on the importance of data protection.

Mick Gorrill, Head of Enforcement at the ICO, said: ”It is unacceptable to leave portable devices containing personal information unencrypted. The fact that these laptops contained sensitive personal data highlights the gravity of the case. I am pleased that the Trust has agreed to take these remedial steps to ensure such an incident does not happen again.”

The incident follows news that one in ten of all NHS trusts are inadequately protected against potential exposure cases. Networking security firm, Hytec, recently carried out a survey that revealed ten percent of NHS departments would not qualify for Information Governance Statement of Compliance (IG Soc).

IG SoC is the process that all organisations have to complete in order to access Connecting for Health (CfH) services, including the N3 network and Spine. The steps in the IG SoC process set out a range of security related requirements which must be satisfied in order for an organisation to secure the N3 network and its information assets.

Since 2007 the NHS has been responsible or almost a third of all UK data security breaches.