London Health Programmes loses unencrypted details of more than 8 million people

[Guest guest]

http://www.computerweekly.com/Articles/2011/06/15/246987/London-Health-Programme\

s-loses-unencrypted-details-of-more-than-8-million.htm

London Health Programmes loses unencrypted details of more than 8 million people

Wednesday 15 June 2011 11:54

London Health Programmes (LHP), a medical research organisation based at the NHS

North Central London health authority, has lost a laptop containing unencrypted

details of 8.63 million people.

The data on the laptop does not include names, but patients could be identified

from postcodes and details such as gender, age and ethnic origin, according to

The Sun.

Even though the laptop, along with 19 others, went missing three weeks ago, the

incident has just been reported to police and it is still unknown whether the

laptops have been stolen or simply mislaid.

Data encryption essential

McIntosh, chief executive of ViaSat UK (formerly Stonewood), says

regardless of whether theft was involved, the key point is that the data was not

encrypted.

An ICO spokesperson said: " Any allegation that sensitive personal information

has been compromised is concerning and we will now make enquiries to establish

the full facts of this alleged data breach. "

The ICO has found several organisations in breach of the Data Protection Act for

failing to encrypt sensitive personal information and imposed monetary penalties

in the most serious of cases.

The most recent case at the end of May involved the Sheffield-based charity

Asperger's Children and Carers Together (ACCT) and Nottingham-based charity

Wheelbase Motor Project. Both charities lost laptops containing unencrypted

sensitive information relating to young people.

" When a machine contains highly sensitive information on literally millions of

patients, not securing the data on it by any means possible isn't just careless:

it's sheer negligence, " said McIntosh.

With the data on such a machine valued at tens of thousands of pounds, spending

a little extra on security should be a no-brainer, he says.

" London Health Programmes cannot claim it was ignorant of the dangers of

unencrypted machines and the risks of a loss. There has been a huge focus on IT

security recently, as incidents such as the Sony hac put ordinary consumers at

risk, " said McIntosh.

Nick Lowe, regional director Northern Europe at data security firm Check Point,

says the scale of this potential data loss shows how essential it is to have

mandatory, strong encryption on all sensitive, personal data on laptops and

portable storage devices, even if those devices are stored in supposedly secure

areas within buildings.

" But according to our December 2010 survey, less than half of all UK firms

encrypt their laptops - and that figure has not really changed in the past three

years - so data security is still being mostly left to chance, " he said.