One of the many London health authorities have recently admitted to the ‘loss’ of a laptop containing a massive 8.63 million health records. The laptop is completely unsecured and while it doesn’t contain any names on the information, it does contain information on age, gender, postcode, medical history, hospital visits, HIV status and mental illnesses. Combine this with a little bit of sleuthing and it’s 8.63 million cases of blackmail waiting to happen. How exciting.
They sent the following message to The Register: ‘NHS North Central London is investigating the loss of a number of laptops. One of the machines was used for analysing health needs requiring access to elements of unnamed patient data. All of the laptops were password protected and our policy is to manually delete the data from laptops after the records have been processed. We are liaising with the office of the Information Commissioner.’
20 laptops were lost in total, and while 8 have been recovered, the other 12 are still out there. One pictures 20 laptops taking up a significant amount of room, so losing all of them would appear to be a hugely difficult feat to accomplish. The ICO will be ‘making enquiries’ in order to establish the full facts of the data breach. There do appear to have been a rather significant number of data breaches over the past few months or so, and this is a relatively small one compared to some of the others. Still- anonymous data can be fairly easily turned into very personal data, and it’s unlikely the ICO will take a lenient approach to its enquiries. Good luck to them.