The device was last seen in a room in an NHS facility in North Central London and was missing for three weeks before being reported to authorities. According to reports, the laptop’s information is password-protected but not encrypted and contains patients’ gender, age and medical history, but not names.
An article in The Sun claims the computer is one of 20 that went missing from a storage room in the facility. Eight of those have been recovered and a search continues for the remaining 12. It’s unclear if the machines have been stolen or lost.
One of the largest publicly funded health care systems in Britain, the NHS has had a checkered past, to say the least. In 2010 it was found responsible for nearly a quarter of the incidents reported to the Information Commissioner’s Office (ICO), a watchdog group appointed to uphold security and data privacy in the UK.
Two such incidents occurred last June when the NHS’ Stoke-on-Trent Trust lost or misplaced records on 2,000 patients and the North Hampshire Trust accidentally e-mailed patients’ unencrypted pathology results to another department. The ICO called the organization out for its lax data security in a press release exactly one year ago.
Earlier this year a BP employee lost a laptop containing sensitive information on nearly 13,000 people. As in the NHS’ case, the information was password-protected but not encrypted.
As breaches grow more frequent, lawmakers in the US continue to mull over a legislative response. A potential data breach notification law that’d require companies to alert their customers within 48 hours in events like these is scheduled to be discussed at a hearing today.