This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Welsh medical practice hit by ICO after losing unencrypted memory stick

Share this article:

The Information Commissioner's Office (ICO) has found Lampeter Medical Practice in Ceredigion, Wales, to be in breach of the Data Protection Act after it lost an unencrypted memory stick containing the personal details of 8,000 patients.

A member of staff downloaded a database containing patient details to an unencrypted and non-password protected computer memory stick in contravention of practice policy. This was then posted by recorded delivery to the Health Boards Business Service Centre in March this year.

The memory stick did not arrive at its intended destination and is now accepted to be lost. Dr Rowena Mathew, head of Lampeter Medical Practice, has agreed to take remedial action by taking sufficient steps to ensure a security breach does not occur again. This includes ensuring all mobile devices including laptops and memory sticks are encrypted and physical security measures are sufficient and making staff fully aware of the organisation's data security policy.

Sally-Anne Poole, enforcement group manager at the ICO, said: “It is unnecessarily risky to download 8,000 personal details on to a memory stick. It is imperative that staff are made fully aware of an organisation's policy for securing personal data and any portable device containing personal information should always be encrypted to prevent it being accessed in the event of loss or theft. I am pleased Lampeter Medical Practice has agreed to take action to prevent a similar security breach happening again.”

The news comes just days after the ICO found West Berkshire Council to be in breach of the Data Protection Act, while the NHS was recently revealed to be the most prevalent reporter to the ICO of data breaches with 305 of 1,000 reports.

Pete Cubbin, COO at Stonewood, said: “The greatest losers in this affair are the 8,000 patients of Lampeter Medical Practice whose personal details have been exposed to whoever might pick up the missing memory stick. Relying on Royal Mail recorded delivery to keep such sensitive information safe is, quite frankly, ludicrous.

"We have been assured that measures are being taken to prevent a repeat of this; but remember that the NHS was recently singled out as the single greatest culprit in losing sensitive information, whether on patients or staff. With such a background, there should have been no chance whatsoever of this information being put in the post without being fully protected from prying eyes.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google chairman sees future of 'unbreakable' encryption

Google chairman sees future of 'unbreakable' encryption

Google chairman Eric Schmidt believes that unbreakable encryption will become reality in 'our lifetime'.

Mobile flaw means 92% of Gmail accounts are hackable

Mobile flaw means 92% of Gmail accounts are ...

Researchers with the University of California's College of Engineering and the University of Michigan have identified a weakness they believe exists across Android, Windows and iOS operating systems that could ...

Heartbleed: Still a security risk

Heartbleed: Still a security risk

The Heartbleed security issue may be six months old, but it remains a major problem.