Queen Mary's Sidcup Hospital microfiche film goes missing
Technorati Tag: Security Breach
Date Reported:
1/16/08
Organization:
Queen Mary's Sidcup NHS Trust
Contractor/Consultant/Branch:
None
Victims:
Employees of Queen Mary's Hospital from 1974 through 1996
Number Affected:
"thousands"
Types of Data:
"may include names, addresses, National Insurance numbers, bank details and job titles"
Breach Description:
Confidential personal information belonging to workers employed by Queen Mary's Hospital from 1974 to 1996 is reported missing after a microfiche film containing the information turned up missing from a secure room at the hospital. Along with the missing film was the machine used to read it.
Reference URL:
The News Shopper online story
BBC News story
Report Credit:
Linda Piper, News Shopper
Response:
From the online sources cited above:
PERSONAL information about thousands of workers at Queen Mary's Hospital, Sidcup, has gone missing.
The information, which may include names, addresses, National Insurance numbers, bank details and job titles, disappeared while being held in a secure room at the Frognal Avenue hospital.
The data, all contained on microfiche film, was due to be moved to another secure site within the hospital when it was discovered the film, and a microfiche reader, were missing.
Acting chief executive Lorraine Knight says the information related to staff working at the hospital between 1974 and 1996 and was due to be destroyed.
Some of the film had been recovered, but most of it was still missing.
some of it was payroll information, but there were also a number of leavers' forms
[Evan] I had no idea what a "leaver's form" was. I had to look it up. For the U.S. readers that don't know, a leaver is exactly what the word implies, a person who "leaves". Makes sense.
It is not known whether the film was stolen or has just been lost.
[Evan] According to the next excerpt, the hospital conducted two internal investigations and still could not find the film.
The discovery was made at the beginning of October and since then the hospital says it has conducted two internal investigations, which have failed to turn up the missing film, or any clue to its whereabouts.
[Evan] Was this two (up to 3) months to conduct an investigation into a missing microfiche, before notifying the persons affected? If so, that seems too long. I can understand (not agree with, but understand) the missing microfiche film because they are small, but isn't a microfiche reader typically bulky (like the one below)? There is no mention if the reader was found.
Bexley police have been informed
there is no evidence the room where the records had been stored had been broken into
police have advised the hospital it is unlikely the information has fallen into the wrong hands.
[Evan] If the information is not in the hands of the owner or the custodian, then whose hands is it in?
Queen Mary's says it has now set up new policies and rules for storing, retaining and disposing of data.
[Evan] Excellent. Hopefully they are well-written.
There will also be extra training for staff who handle confidential information.
[Evan] Excellent again! The next step after writing (with executive sponsorship) policy and procedure is to train the people affected.
A helpline has been set up for present and former staff whose personal details may be on the films and will be open Monday to Friday from 10am to 3pm on 020 8309 0247
The hospital is also writing to staff, who are advised to check their bank accounts and inform both their bank and the police if there have been any suspicious transactions
Commentary:
It's not very often anymore that microfiche containing sensitive personal information is reported lost or stolen. I wonder what happened to all of those microfiche films and readers that I used in the library growing up. I just called my county library, and they don't have them anymore. The lady at the library seemed a little taken aback by the question.
No matter how confidential information is stored; paper, electronic, or on microfiche, it still requires the same level of protection. In this case, the hospital was storing the films in a "secured" room when they went missing. The definition of "secured" obviously varies from person to person, but at the end of the day the information is still missing. I was pleased to read that the hospital has written new policies to address data storage and disposal and even more pleased to read that they were training their staff.
Past Breaches:
NHS:
January, 2008 - Stockport Primary Care Trust flash drive goes missing
January, 2008 - Oldham Primary Care Trust NHS loses two data sticks
January, 2008 - Medical information found in the road
December, 2007 - Laptop stolen from Royal Bolton Hospital NHS
September, 2007 - Dudley Group of Hospitals NHS hard drives for sale on eBay
Date Reported:1/16/08
Organization:
Queen Mary's Sidcup NHS Trust
Contractor/Consultant/Branch:
None
Victims:
Employees of Queen Mary's Hospital from 1974 through 1996
Number Affected:
"thousands"
Types of Data:
"may include names, addresses, National Insurance numbers, bank details and job titles"
Breach Description:
Confidential personal information belonging to workers employed by Queen Mary's Hospital from 1974 to 1996 is reported missing after a microfiche film containing the information turned up missing from a secure room at the hospital. Along with the missing film was the machine used to read it.
Reference URL:
The News Shopper online story
BBC News story
Report Credit:
Linda Piper, News Shopper
Response:
From the online sources cited above:
PERSONAL information about thousands of workers at Queen Mary's Hospital, Sidcup, has gone missing.
The information, which may include names, addresses, National Insurance numbers, bank details and job titles, disappeared while being held in a secure room at the Frognal Avenue hospital.
The data, all contained on microfiche film, was due to be moved to another secure site within the hospital when it was discovered the film, and a microfiche reader, were missing.
Acting chief executive Lorraine Knight says the information related to staff working at the hospital between 1974 and 1996 and was due to be destroyed.
Some of the film had been recovered, but most of it was still missing.
some of it was payroll information, but there were also a number of leavers' forms
[Evan] I had no idea what a "leaver's form" was. I had to look it up. For the U.S. readers that don't know, a leaver is exactly what the word implies, a person who "leaves". Makes sense.
It is not known whether the film was stolen or has just been lost.
[Evan] According to the next excerpt, the hospital conducted two internal investigations and still could not find the film.
The discovery was made at the beginning of October and since then the hospital says it has conducted two internal investigations, which have failed to turn up the missing film, or any clue to its whereabouts.
[Evan] Was this two (up to 3) months to conduct an investigation into a missing microfiche, before notifying the persons affected? If so, that seems too long. I can understand (not agree with, but understand) the missing microfiche film because they are small, but isn't a microfiche reader typically bulky (like the one below)? There is no mention if the reader was found.
Bexley police have been informed
there is no evidence the room where the records had been stored had been broken into
police have advised the hospital it is unlikely the information has fallen into the wrong hands.
[Evan] If the information is not in the hands of the owner or the custodian, then whose hands is it in?
Queen Mary's says it has now set up new policies and rules for storing, retaining and disposing of data.
[Evan] Excellent. Hopefully they are well-written.
There will also be extra training for staff who handle confidential information.
[Evan] Excellent again! The next step after writing (with executive sponsorship) policy and procedure is to train the people affected.
A helpline has been set up for present and former staff whose personal details may be on the films and will be open Monday to Friday from 10am to 3pm on 020 8309 0247
The hospital is also writing to staff, who are advised to check their bank accounts and inform both their bank and the police if there have been any suspicious transactions
Commentary:
It's not very often anymore that microfiche containing sensitive personal information is reported lost or stolen. I wonder what happened to all of those microfiche films and readers that I used in the library growing up. I just called my county library, and they don't have them anymore. The lady at the library seemed a little taken aback by the question.
No matter how confidential information is stored; paper, electronic, or on microfiche, it still requires the same level of protection. In this case, the hospital was storing the films in a "secured" room when they went missing. The definition of "secured" obviously varies from person to person, but at the end of the day the information is still missing. I was pleased to read that the hospital has written new policies to address data storage and disposal and even more pleased to read that they were training their staff.
Past Breaches:
NHS:
January, 2008 - Stockport Primary Care Trust flash drive goes missing
January, 2008 - Oldham Primary Care Trust NHS loses two data sticks
January, 2008 - Medical information found in the road
December, 2007 - Laptop stolen from Royal Bolton Hospital NHS
September, 2007 - Dudley Group of Hospitals NHS hard drives for sale on eBay
Posted by Evan Francen at 1/22/2008 12:12 PM 
Categories: NHS Trust, Queen Mary's Sidcup Hospital, Lost Tape
Categories: NHS Trust, Queen Mary's Sidcup Hospital, Lost Tape
Posts Atom 1.0
Comments