20,000 more NHS records at risk

[security curmudgeon <jericho () attrition org>]

http://www.itgovernance.co.uk/media/article.aspx?news_id=683

20,000 more NHS records at risk
Five more NHS organisations in breach of the Data Protection Act!

The Information Commissioners Office (ICO) have issued further warnings to 
NHS bodies about the importance of data security, after finding five more 
NHS organisations in breach of the Data Protection Act.

DPA Breaches include:

    1. 20,000 patient medical treatment details put at risk after the loss 
of an unencrypted compact disk;
    2. 143 patient details, including sensitive medical information put a 
risk after the theft of an unencrypted memory stick. The memory stick was 
not password protected or encrypted when an employee had been taking it 
home for use on his personal computer;
    3. One Trust was insecurely storing hospital records for nearly two 
years following data being transferred between hospitals;
    4. Found on a bus - A ward handover sheet, containing information 
relating to 23 patients in the care of Surrey and Sussex NHS Trust. The 
Trust also reported the theft of two laptop computers. Although they were 
kept behind three locked doors, they were not encrypted;
    5. 349 patients and 258 staff personal data put at risk after the theft 
of an unencrypted laptop computer. The laptop was stolen from an employee 
attending a health conference.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php