Stolen NHS laptop contained details of 11,500 children

March 27, 2007

By Tash Shifrin

An NHS primary care trust has launched an investigation after a laptop containing names, addresses and dates of birth of 11,500 children was stolen from its offices.

Nottinghamshire Teaching PCT chief executive Wendy Saviour said three laptop computers were stolen on Wednesday 21 March, one of which held the data on child patients aged between eight months and eight years.

"We are working closely with the police to investigate this theft and to recover the stolen computers,. Saviour said. "There was no health information or other details on the stolen computer. The information was protected by a password, which reduces the chances of anyone being able to see the information."

But the PCT was unable to explain why the confidential information on thousands of children was held on the laptop. In a statement, the PCT said: "This is a matter that is currently under investigation and we wouldn't want to pre-empt the outcome of that ongoing investigation."

Saviour added: "I would like to reassure the public that this matter is being fully investigated and we are taking every step to prevent this happening again in the future. Action will be taken to ensure that lessons are learned. We are very sorry for any difficulties that this may cause and greatly regret that this theft has happened."

The PCT said it had procedures to make confidential information as safe as possible, and that all staff were made aware of and are required to comply with the procedures. A spokesperson could not confirm whether teh laptop was protected by any security measures other than a password.

Gary Clark, EMEA vice=president of security firm SafeNet said: "It is of extreme concern that access to a stolen laptop containing the details of 11,000 young children was protected by nothing more than a password."

The use of passwords alone was "woefully inadequate", he added. "Passwords need to be reinforced with stronger authentication. Encrypting the data and using smart cards or USB tokens to unlock the laptop will reduce the risk of unauthorised access."

"Our own survey of 1,200 security professionals across the public and private sector shows that only 44% of laptop data is protected. We can accept that random thefts and losses of laptops are inevitable, but we cannot and should not accept that the data on stolen items is virtually unprotected and just one step away from falling into the wrong hands."

The theft from PCT offices at Sherwood Forest Hospital is understood to have followed a break-in through a window. Most of the site is covered by CCTV and the trust also employs security guards.

But the PCT said it was carrying out "a full review of our current building security and information security precautions, and mandating further training to staff."

The PCT has written to nearly 10,000 affected families and a helpline has been set up.

main page ATTRITION feedback