HK: Lost flash drive with patient data wasn’t password-protected

Adele Wong of The Standard reports that the Hospital Authority has been urged to improve security to avoid further losses of patients’ records following another incident involving a lost flash drive with unencrypted data. In this most recent incident, a physician from the obstetrics and gynecology department at United Christian Hospital misplaced a USB flash drive with sensitive patient information. The drive was not even password-protected.

This is the third such incident of its kind. On March 25, Teresa Leung of Computerworld Hong Kong reported that a doctor from the ophthalmology department lost a drive with personal data of 47 patients including names, ID number, age, sex, and operation records. And in April of last year, the hospital lost a flash drive with data on 26 patients.

Update: The government’s web site reports:

An independent panel is investigating after a United Christian Hospital Obstetrics & Gynaecology Department doctor lost a personal USB flash drive containing eight patient data records.

The device has four scanned images of a fetal heart tracing record with one patient’s name and identity, and a Powerpoint presentation file with seven patients’ names, identity numbers and case summaries for internal clinical discussion.

About the author: Dissent