Highly sensitive medical information found in the road
Technorati Tag: Security Breach
Date Reported:
1/10/08
Organization:
Kingston Hospital NHS Trust
Contractor/Consultant/Branch:
None
Victims:
Patients
Number Affected:
Unknown*
*A total of 173 documents were discovered
Types of Data:
"private medical details" including HIV, cancer, sexual disease, and hepatitis test results and information on people attending conception and addiction clinics.
Breach Description:
On Friday January 4th, 2008 a motorbike bag was discovered in the street near the Kingston Hospital. The bag held hundreds of documents containing sensitive medical information belonging to a variety of patients.
Reference URL:
BBC News Story
The Hastings Observer Story
Report Credit:
BBC News
Response:
From the online sources cited above:
Hundreds of documents containing HIV and cancer test results have been found on a street in south-west London.
The 173 private medical documents, which were discovered in a motorbike bag near Kingston Hospital last Friday, were handed over to a local newspaper.
[Evan] I'm a little concerned with whether or not the local newspaper is the correct place to go with the sensitive information.
A Kingston Hospital spokeswoman said test results were only recognisable by a unique number but said all patients would receive written apologies.
[Evan] This mitigates the risk. Hopefully only authorized personnel understand the number to patient name correlation.
Many of the documents which have been sent to Queen Mary's Hospital in Roehampton and the Roehampton Clinic, also included information on those attending conception and addiction clinics, as well as sexual disease and hepatitis test results.
"We take the loss of any patient information very seriously, and all the patients involved will be written to personally offering sincere apologies,"
the hospital could not explain how or when the data protection breach occurred
Commentary:
A motorbike bag full of sensitive medical information is found in the street and nobody knows how it got there? I have more questions about this breach than I do answers. This breach could have been very damaging to the victims if anyone were able to tie the "unique number" back to a patient name. You don't suppose that the "unique number" is the National insurance number?
Using unique identifiers other than National Insurance (UK) or Social Security (US) numbers adds some protection in this case.
Past Breaches:
December, 2007 - Laptop stolen from Royal Bolton Hospital NHS
September, 2007 - Dudley Group of Hospitals NHS hard drives for sale on eBay
Date Reported:1/10/08
Organization:
Kingston Hospital NHS Trust
Contractor/Consultant/Branch:
None
Victims:
Patients
Number Affected:
Unknown*
*A total of 173 documents were discovered
Types of Data:
"private medical details" including HIV, cancer, sexual disease, and hepatitis test results and information on people attending conception and addiction clinics.
Breach Description:
On Friday January 4th, 2008 a motorbike bag was discovered in the street near the Kingston Hospital. The bag held hundreds of documents containing sensitive medical information belonging to a variety of patients.
Reference URL:
BBC News Story
The Hastings Observer Story
Report Credit:
BBC News
Response:
From the online sources cited above:
Hundreds of documents containing HIV and cancer test results have been found on a street in south-west London.
The 173 private medical documents, which were discovered in a motorbike bag near Kingston Hospital last Friday, were handed over to a local newspaper.
[Evan] I'm a little concerned with whether or not the local newspaper is the correct place to go with the sensitive information.
A Kingston Hospital spokeswoman said test results were only recognisable by a unique number but said all patients would receive written apologies.
[Evan] This mitigates the risk. Hopefully only authorized personnel understand the number to patient name correlation.
Many of the documents which have been sent to Queen Mary's Hospital in Roehampton and the Roehampton Clinic, also included information on those attending conception and addiction clinics, as well as sexual disease and hepatitis test results.
"We take the loss of any patient information very seriously, and all the patients involved will be written to personally offering sincere apologies,"
the hospital could not explain how or when the data protection breach occurred
Commentary:
A motorbike bag full of sensitive medical information is found in the street and nobody knows how it got there? I have more questions about this breach than I do answers. This breach could have been very damaging to the victims if anyone were able to tie the "unique number" back to a patient name. You don't suppose that the "unique number" is the National insurance number?
Using unique identifiers other than National Insurance (UK) or Social Security (US) numbers adds some protection in this case.
Past Breaches:
December, 2007 - Laptop stolen from Royal Bolton Hospital NHS
September, 2007 - Dudley Group of Hospitals NHS hard drives for sale on eBay
Posts Atom 1.0
Comments