Stolen laptop had data of over 171,000 Irish blood donors

[InfoSec News <alerts () infosecnews org>]

http://www.ireland.com/newspaper/frontpage/2008/0220/1203371241270.html

By Eithne Donnellan
Health Correspondent
The Irish Times
February 20, 2008

More than 171,000 Irish blood donors whose personal details were on a 
computer stolen in New York earlier this month will be contacted by the 
Irish Blood Transfusion Service (IBTS) this week.

The blood service said yesterday it was very concerned at the theft of 
the laptop on February 7th and while records were securely encrypted on 
the computer, there was a "remote" chance the data might be accessed by 
a third party.

The laptop went missing when a New York Blood Centre staff member was 
mugged. He had the records of Irish donors on his laptop because the New 
York centre is customising a software programme it developed to meet the 
needs of the Irish blood service.

Some 171,324 Irish donor records and 3,294 patient blood-group records 
were on the laptop. The patients whose blood group records were on the 
laptop were people who had samples of their blood sent by hospitals to 
the blood service for determination of their blood group and to see what 
group would suit them if they needed a donation. The hospitals in 
question will contact these patients in due course.

The donor records would include details such as name, address, date of 
birth, gender, blood group and contact phone number. The records on the 
laptop included any donor details that were updated between July 2nd and 
October 11th, 2007.

The Irish blood service said it was notified of the theft the day after 
it happened and it informed the Data Protection Commissioner of what 
happened on February 11th.

"The IBTS and NYBC are deeply concerned at the theft of the laptop 
computer. The IBTS is very conscious of its obligations under the Data 
Protection Acts and has always strived to be fully compliant with those 
obligations.

"We are writing to each donor affected by this incident to reassure them 
and to advise them of the possibility, however remote, that their 
personal data might be accessed. We expect these letters to be posted on 
Friday, February 22nd," it said.

"We will also be writing to the hospitals and GPs, who in turn will 
contact the patients concerned."

The records were in New York, the blood service said, "because we are 
upgrading the software that we use to analyse our data to provide a 
better service to donors, patients and the public service". Donors who 
are concerned can contact the IBTS information line on 1850 731 137.

Copyright 2008 The Irish Times


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn