A laptop containing unnamed patient information has gone missing from a subsidiary of the NHS North Central London health authority, putting the privacy of patients at risk.
A laptop containing unnamed patient information has gone missing from a subsidiary of the NHS North Central London health authority. Photo credit: comedy_nose/Flickr
The Sun reported on Wednesday that the laptop, which was lost along with 19 others three weeks ago, contained the unencrypted health details of over 8.63 million people and records of 18 million hospital visits, operations and procedures. It was taken from a storeroom of London Health Programmes, a medical research organisation based within the NHS North Central London health authority.
Both the UK's privacy watchdog, the Information Commissioner's Office (ICO), and the police are investigating.
"Any allegation that sensitive personal information has been compromised is concerning, and we will now make enquiries to establish the full facts of this alleged data breach," the ICO said in a statement on Wednesday.
According to The Sun, the patient data did not cover names, but did contain postcodes and details of gender, age and ethnic origin.
NHS North Central London confirmed the loss of the laptops. However, it declined to confirm how many patient records were affected, what those records contained or whether any data was compromised, saying it was still looking into the matter.
"One of the machines was used for analysing health needs requiring access to elements of unnamed patient data," the health authority said in a statement. "All the laptops were password protected, and our policy is to manually delete the data from laptops after the records have been processed."
The London health authority does not know if the data on the device had been wiped. "The laptop is missing, so that can't be determined," a spokeswoman told ZDNet UK.
[The NHS] holds millions of [bits of] data on millions of people. They're probably the body that hold the most sensitive data in the UK.– ICO
If the data has been breached, the implications could be serious, according to the ICO. "[The NHS] holds millions of [bits of] data on millions of people. They're probably the body that hold the most sensitive data in the UK, they have millions and millions of records being accessed every day," a spokeswoman for the ICO told ZDNet UK.
In 2010/2011, the NHS reported 165 security breaches to the ICO, the privacy watchdog said.
Christine Connelly, the government's chief information officer for health, told ZDNet UK in April that the NHS had reduced the amount of data it had exposed, after being named by ICO as the organisation with the highest number of breaches in 2009/2010. "Higher levels of encryption mean we get to the point where what gets lost is the physical asset," she said at the time.
However, NHS North Central London could not confirm that the patient record data on the missing laptop was encrypted.
Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.