GB NHS Central London 2011 Physical Action (Q9604)
From Open Risk Manual
A data breach risk event
Language | Label | Description | Also known as |
---|---|---|---|
English | GB NHS Central London 2011 Physical Action |
A data breach risk event |
Statements
43DE11F0-D9BB-4A4B-9C4D-E5E07E000EA2
January 2011
0 references
They include a major incident in 2011 in which a laptop containing details of 8.3 million patients was stolen from an unlocked store room at the headquarters of NHS Central London strategic health authority. A report on on the breach reveals that there was enough detail in the records to identify individual patients. Officials broke basic NHS security measures by using a laptop which was not encrypted, making it easy for strangers to access the data, which had been deleted but could be easily recovered. It states: The information downloaded to the laptop was disclosive data; the data downloaded (full postcode, age on admission, sex and ethnicity) could be used to identify an individual either directly or by linking to other publically available data. (English)