Mike Sullivan reports on a huge data breach in the UK:
A laptop holding the medical records of eight MILLION patients has gone missing.
The computer vanished from an NHS building in the biggest-ever security breach of its kind.
It went missing three weeks ago but has only just been reported to police.
The unencrypted laptop contains sensitive details of 8.63 million people plus records of 18 million hospital visits, operations and procedures.
The data does not include names but patients could be identified from postcodes and details such as gender, age and ethnic origin.
The computer was one of 20 lost from a store room at London Health Programmes, a medical research organisation based at the NHS North Central London health authority.
Eight have been recovered but a search is still being carried out for the other 12.
Though the loss was reported as a theft it is not yet clear if the laptops, said to be worth £10,000 each, were stolen, mislaid or dumped.
The records include details of cancer, HIV, mental illness and abortions.
A source said: “This laptop would be a devastating tool in the hands of a blackmailer.”
Police were said to be “dismayed” that the loss – which is also being probed by the Information Commissioner – was not reported earlier.
Sourcee: The Sun
So what will the ICO do with this one? The fact that they’re not sure what happened to the laptop is troubling, as is the issue of why the data were not encrypted (I assume they’re not or that would have been mentioned).
Update: The ICO issued this statement:
“Any allegation that sensitive personal information has been compromised is concerning and we will now make enquiries to establish the full facts of this alleged data breach.”