Lame NHS loses 31,000 patient records

Summary: Setting an example for irresponsibility, while violating security policies, the UK National Health Service (NHS) has lost unencrypted data on 31,000 patients. The data was lost when thieves stole several NHS laptops.


Setting an example for irresponsibility while violating internal Department of Health policies, the UK National Health Service (NHS) has lost unencrypted data on 31,000 patients. The data was lost when thieves stole several NHS laptops.

Computerworld UK reports:

A laptop containing 11,000 patient records was stolen from a GP's home in Wolverhampton. And St George’s Hospital in London has admitted that six laptops were stolen from its filing cabinets at the start of the month, containing the records of 20,000 patients.

The NHS has a history of losing unencrypted data.

In a rather poor showing of remorse, the NHS explained:

The trust apologised for losing the laptops, and added that it was its policy for laptops not to contain patient data.

“This was done as a temporary measure because of a problem with the computer network. However, the laptops were in a secure area under lock and key,” it said in a statement. “The data was being used to monitor and reduce waiting times at the hospital.”


Personal data loss has become an enormous public issue affecting millions of citizens. Until relevant organizational leadership experiences the personal pain of fines and jail sentences, society will continue to face this problem.

I wrote the following when the Bank of New York lost 4.5 million unencrypted customer records:

Strong legislation and strict penalties, including the threat of jail time, are the only way to solve this common problem. If HSBC, the UK’s largest bank, is willing to send out unencrypted data, then this is truly a massive issue. Industry self-policing has not worked and it’s time the government enacted preventive regulation.

Those sentiments remain true today. It's time for the government to mandate encryption of personally identifiable data held by both public and private entities.

  • Safer in a "cloud"

    Keeping sensitive data on laptops is pathetic. Keep it all in a very secure cloud and give access from any location. If hackers get to the data, great, they will anyway if the info is just left on laptops, on trains and so forth.

    Just work on the assumption that no data is sacred and the problem goes away.
  • RE: Lame NHS loses 31,000 patient records

    Everybody should be able to keep their own records and have them updated when they have to visit their doctor or hospital. It is easy enough today to keep your own records on USB flash drives etc. These people consistently prove that they are incapable of protecting people's private data.
    And I agree with the comments regarding jail time and heavy fines for those concerned but I hear nothing from anyone about compensation for those affected. There should be a standard payment in compensation for those affected and they should be told well in advance of it going public so that they can change the most important points when they can.
    • Really good point

      Love the idea of compensation to victims. Thanks for jumping in.
    • Victim Compensation

      I agree there should be compensation to the victim. It should be high enough (per individual) to redress potential damage to identity and inconvenience of having to strictly monitor their credit reports and health files for several years (not one, not two years).

      However, it should not be so high as to be an income-earning activity in and of itself.

      That will certainly get executives' attention.