UK: NHS trust lost 800 patient records on unencrypted memory stick

An NHS trust has done it again – losing 800 confidential patient records on an unencrypted memory stick.

The Surrey and Sussex Healthcare NHS Trust patient records were lost in September 2010. Shockingly, the details were on an unencrypted memory stick and worse, the 800 affected patients were never told. Leaked details include full name, date of birth and operation details.


This was not the trust’s first reported breach. A press release from the ICO in July 2009 had summarized other incidents involving them – the loss of patient data on a bus and the theft of laptops with unencrypted information.

About the author: Dissent

2 comments to “UK: NHS trust lost 800 patient records on unencrypted memory stick”

You can leave a reply or Trackback this post.
  1. Anonymous - October 3, 2011

    Interesting. I don’t see it mentioned in the article whether the ICO is aware of this data breach. I wonder what kind of monetary fine this will incur, if any? As far as I know, the ICO hasn’t covered any instances of organizations NOT reporting data breaches to patients (which is against the law, if I’m not wrong). Seems that a strong message needs to be sent.

    • Anonymous - October 3, 2011

      Ah, wrote too soon:

      The Information Commissioner’s Office (ICO) said the loss had been reported to the watchdog in late 2010.

      “After investigating the breach the ICO warned the organisation that their policy covering the storage and use of personal data must be followed by staff and the trust must make sure that their staff are aware of their policy for the storage and use of personal data and are appropriately trained on how to follow it,” the ICO said.

Comments are closed.