Laptops with 20,000 patients info stolen from London hospital

Sophos is reminding organisations of the risks of data loss and identity theft following news that six laptops, containing personal information about 20,000 NHS patients, have been stolen from St George’s Hospital in Tooting, London.

Sophos experts note that inadequate security policies left the data vulnerable, with the sensitive information being stored on the laptops on a temporary basis due to computer network problems at the hospital. 

Carole Theriault, senior security consultant at Sophos said:

Sensitive patient data should never be stored on portable computers. This should serve as a reminder of the damage that is done by poor attention to IT security policy. Organisations that are given the responsibility to store confidential personal details should invest in systems that make sure that this kind of information cannot be transferred to devices that may be compromised, putting not only the organisation, but also the individuals concerned at risk of ID theft.

St George’s Healthcare NHS Trust has said that information such as postcodes were password protected, but patient name and hospital number were shown on the records.