UK patient data stolen on unencrypted backup tapes

The data of 15,000 patients has been lost from a GP surgery

The data of 15,000 patients has been lost after a thief stole unencrypted computer tapes from a GP surgery.

In the latest in string of patient data losses in the UK, a safe containing the back-up tapes was stolen from St Paul's surgery in Winchester this month. The tapes contained personal health information on the patients.

Hampshire Primary Care Trust, which manages NHS care in the county, said the tapes were not encrypted but instead had password protection. It said "specialised computer equipment" was needed to run the tapes, and added: "Anyone trying to read the information would ... need to have very advanced computer skills or access to a special computer program to make any sense of it."

The thieves were unlikely to be targeting the information, it said, but instead may have been after drugs, money or prescription pads, which were not in the safe.

The safe was stolen from a locked room. Hampshire PCT said it was writing to patients to inform them of the loss, and it has set up a phone line for anyone concerned.

"We would like to reassure patients registered at the surgery that the chances of anyone being able to do anything untoward with the tapes are very small indeed," it said in a statement.

The crime is currently being investigated by Hampshire police.

Juergen Obermann, chief executive at data archiving firm GFT inboxx, questioned the use of tape backups at the surgery. "It's incredible that organisations continue to use archaic methods to retain sensitive information," he said.

"Clearly records need to be retained, but backing-up to tape creates an unnecessary risk. In light of this incident, organisations should look at ways to archive information electronically, mitigating the threat of this kind of data loss."

In an unrelated data loss incident in Ireland, unencrypted sensitive information on 1,150 health-care workers has been lost when a password protected laptop, BlackBerry and data disc were stolen from a senior medical officer in the Irish Health Service Executive. The items were stolen from the officer's home last week.

The data lost includes the name, address, date of birth, phone number, GP name and occupation of the staff, who were taking part in a survey on a flu vaccine. The staff, police and the data protection commissioner have been notified.

Deputy data protection commissioner Gary Davis told the Newstalk local radio station: "Our concern is how this type of information, revealing health information, came to be in somebody's house in an unencrypted format."

In the UK, NHS patients have suffered data losses in recent months. In June, two NHS trusts lost unencrypted laptops containing 31,000 patient records.

Join the newsletter!

Error: Please check your email address.

Tags unencryptedSpecial IDpatient dataUK

Show Comments

Market Place

[]