Hospital loses information on child patients

A laptop containing the personal details of thousands of children has been stolen from a hospital in Nottinghamshire.

Wendy Saviour, the chief executive of Nottinghamshire Primary Care Trust, said on Monday that three laptops had been stolen from offices at the Kings Mill Hospital near Mansfield last Wednesday. One of the three machines contained the names, addresses and dates of birth of children from the Newark & Sherwood, Ashfield and Mansfield areas.

According to Saviour, the laptop's only security is a single password, which she said "reduces the chances of anyone being able to see the information". In total, 9,742 families are believed to be affected, although Saviour pointed out that no medical information was stored on the laptop. The children involved are aged between eight months and eight years.

Gary Clark, EMEA vice president for SafeNet, said that the fact the laptop had only a password for protection was of extreme concern.

"Every organisation that handles sensitive information about the public has a responsibility to protect that information, and the use of passwords alone is woefully inadequate," he said. "Encrypting the data and using smart tokens or USB tokens to unlock the laptop will reduce the risk of unauthorised access." Clark claimed that just 44 percent of laptop data are protected.

Lynton Stewart-Ashley, country manager for GuardianEdge Technologies, claimed that the loss would have serious aftershocks for the trust. "When you add up the cost of legal fees, lack of trust in the community, and potential payouts to affected parties, you really begin to understand the full impact of data loss," Stewart-Ashley said. "Any damage can easily be circumvented with full disk encryption on all laptops under the Trust's charge. This is not rocket science."

PGP's Jamie Cowper also weighed in, stating that organisations "have to understand that storing confidential information on portable devices such as laptops brings serious responsibilities. By their very nature, laptops are a lot easier to steal than desktop computers, so it's absolutely vital that the data contained on them is protected to the hilt." He added: "Passwords aren't enough — to achieve absolute information security, organisations have to deploy comprehensive encryption policies across all devices."

The Trust is now "working closely with the police to investigate this theft and to recover the stolen computers", it said on Monday.