This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Welsh medical practice hit by ICO after losing unencrypted memory stick

Share this article:

The Information Commissioner's Office (ICO) has found Lampeter Medical Practice in Ceredigion, Wales, to be in breach of the Data Protection Act after it lost an unencrypted memory stick containing the personal details of 8,000 patients.

A member of staff downloaded a database containing patient details to an unencrypted and non-password protected computer memory stick in contravention of practice policy. This was then posted by recorded delivery to the Health Boards Business Service Centre in March this year.

The memory stick did not arrive at its intended destination and is now accepted to be lost. Dr Rowena Mathew, head of Lampeter Medical Practice, has agreed to take remedial action by taking sufficient steps to ensure a security breach does not occur again. This includes ensuring all mobile devices including laptops and memory sticks are encrypted and physical security measures are sufficient and making staff fully aware of the organisation's data security policy.

Sally-Anne Poole, enforcement group manager at the ICO, said: “It is unnecessarily risky to download 8,000 personal details on to a memory stick. It is imperative that staff are made fully aware of an organisation's policy for securing personal data and any portable device containing personal information should always be encrypted to prevent it being accessed in the event of loss or theft. I am pleased Lampeter Medical Practice has agreed to take action to prevent a similar security breach happening again.”

The news comes just days after the ICO found West Berkshire Council to be in breach of the Data Protection Act, while the NHS was recently revealed to be the most prevalent reporter to the ICO of data breaches with 305 of 1,000 reports.

Pete Cubbin, COO at Stonewood, said: “The greatest losers in this affair are the 8,000 patients of Lampeter Medical Practice whose personal details have been exposed to whoever might pick up the missing memory stick. Relying on Royal Mail recorded delivery to keep such sensitive information safe is, quite frankly, ludicrous.

"We have been assured that measures are being taken to prevent a repeat of this; but remember that the NHS was recently singled out as the single greatest culprit in losing sensitive information, whether on patients or staff. With such a background, there should have been no chance whatsoever of this information being put in the post without being fully protected from prying eyes.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Shellshock: Millions of servers under attack

Shellshock: Millions of servers under attack

In the wake of Shellshock, end-users and security managers race to patch web servers and desktops, but may be forgetting vulnerable embedded devices.

Londoners agree to give child away in return for free WiFi

Londoners agree to give child away in return ...

Hundreds trapped and exposed by fake 'poisoned' WiFi hotspot.

Cybercrime-as-a-service the new criminal business model

Cybercrime-as-a-service the new criminal business model

A new report from Europol's European Cybercrime Centre (EC3) reveals that cybercrime is being increasingly commercialised, and by criminals who use legitimate services to hide their activities.