Thieves break hospital security to take laptops
- 19 June 2008
Six laptop computers, containing the data of around 20,000 patients have been stolen from a London hospital by thieves who broke into a locked cabinet in a secure room.
The laptops were updated with the patient data following problems with a central computer network at St George’s Healthcare NHS Trust and were stored in offices at the St George’s Hospital in Tooting.
The patient data was password protected with personal information hidden, although the patient’s name and hospital number is visible. A trust spokesperson told E-Health Insider that the data was not encrypted. She added that a police investigation was underway into the theft.
In a statement, the trust said: “Six laptop computers were stolen from offices in Atkinson Morley Wing of St George’s Hospital, Tooting during the weekend between Friday evening (6 June) and Monday morning (9 June) when the theft was discovered.
“The trust immediately contacted police and are working with them on their investigation. The laptops were stored in a secure room in a locked cabinet which appears to have been broken into by force.”
Whilst initial police investigations were underway, the trust waited a week before writing to each of the patients whose data was on the laptop, apologising for the potential risk to their confidentiality. A trust spokesperson told EHI the delay was to allow police time to thoroughly investigate the theft.
The statement said: “The laptops contain information about some 20,000 patients, including their name, date of birth and postcode. The trust acknowledges that patient data should not have been stored on laptops.
“This was done as a temporary measure because of a problem with the computer network. However, the laptops were in a secure area under lock and key. The data was being used to monitor and reduce waiting times at the hospital.”
The trust has begun an internal investigation into the theft and pledged to immediately implement any recommendations regarding security.
Chief executive, David Astley, said: “We offer all our patients our sincere apologies for putting their confidential information at risk, although we could not anticipate a determined thief who was prepared to force open a filing cabinet and locked drawers to get to the laptops.
“We believe the data will almost certainly be wiped by the thief so he can get a quick sale. None the less we owe it to our patients to protect their personal information and we have reminded our staff not to store this kind of data on laptops in the future. We have also set up a helpline for patients to ring for further information.”
The chief executive assured patients that no patient records were missing at the trust and treatment plans would remain unaffected.
“We have not lost any patient data as a result of this incident as the trust still holds their records on a secure central system. This theft will not disrupt any treatments or appointments planned for the patients affected,” he said.
One affected reader told EHI the lack of communication from the trust about the theft deeply concerned them.
“It is beyond belief that they would wait a whole week before telling us that someone could have my medical details in front of them, and know all of my personal details. We should be told about these things straight away, it is after all our data. It deeply concerns me that this seems to have been overlooked by the trust,” she said.