This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Welsh medical practice hit by ICO after losing unencrypted memory stick

Share this article:

The Information Commissioner's Office (ICO) has found Lampeter Medical Practice in Ceredigion, Wales, to be in breach of the Data Protection Act after it lost an unencrypted memory stick containing the personal details of 8,000 patients.

A member of staff downloaded a database containing patient details to an unencrypted and non-password protected computer memory stick in contravention of practice policy. This was then posted by recorded delivery to the Health Boards Business Service Centre in March this year.

The memory stick did not arrive at its intended destination and is now accepted to be lost. Dr Rowena Mathew, head of Lampeter Medical Practice, has agreed to take remedial action by taking sufficient steps to ensure a security breach does not occur again. This includes ensuring all mobile devices including laptops and memory sticks are encrypted and physical security measures are sufficient and making staff fully aware of the organisation's data security policy.

Sally-Anne Poole, enforcement group manager at the ICO, said: “It is unnecessarily risky to download 8,000 personal details on to a memory stick. It is imperative that staff are made fully aware of an organisation's policy for securing personal data and any portable device containing personal information should always be encrypted to prevent it being accessed in the event of loss or theft. I am pleased Lampeter Medical Practice has agreed to take action to prevent a similar security breach happening again.”

The news comes just days after the ICO found West Berkshire Council to be in breach of the Data Protection Act, while the NHS was recently revealed to be the most prevalent reporter to the ICO of data breaches with 305 of 1,000 reports.

Pete Cubbin, COO at Stonewood, said: “The greatest losers in this affair are the 8,000 patients of Lampeter Medical Practice whose personal details have been exposed to whoever might pick up the missing memory stick. Relying on Royal Mail recorded delivery to keep such sensitive information safe is, quite frankly, ludicrous.

"We have been assured that measures are being taken to prevent a repeat of this; but remember that the NHS was recently singled out as the single greatest culprit in losing sensitive information, whether on patients or staff. With such a background, there should have been no chance whatsoever of this information being put in the post without being fully protected from prying eyes.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Microsoft warns on yet another zero-day security flaw

Microsoft warns on yet another zero-day security flaw

Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.

Google launches FIDO-compliant 2FA USB key for Chrome and Gmail

Google launches FIDO-compliant 2FA USB key for Chrome ...

Google has souped up its two-factor authentication (2FA) login process with the launch of Security Key, a physical USB that only works after verifying the login site is truly a ...

Evolving TorrentLocker ransomware generating big money

Evolving TorrentLocker ransomware generating big money

The TorrentLocker ransomware has returned with a vengeance and is starting to bring in big money for its operators.