A laptop containing the details of thousands of HSE staff has been stolen in Dublin.

 

The theft took place on September 17th at the Carnegie Centre in Dublin's Lord Edward Street, however staff were not informed until 13 days after the incident.

 

The laptop reportedly contains the personal details of thousands of staff including their full names, details of their wages, their staff numbers and work areas and the data was not encrypted. There has been four HSE computers stolen this year, most recently a laptop, BlackBerry and data disk with the personal details of 1,150 people were stolen from the home of a senior medical officer in Public Health and Medicine a few weeks ago.

 

The details of 1,150 healthcare workers which were gathered for a survey on the provision of the influenza vaccine included consent forms with names, addresses, dates of birth, telephone numbers, GP names and data relating to the respondents' occupation were contained on the disc.

That laptop had an unencrypted password. After that theft, the HSE made a promise to prioritise and encrypt all devices containing personal and medically senstitive data within a month.

Gardai have been called in and the matter is now under investigation by both them and the Data Protection Commissioner. The HSE is undertaking a major review of all its computers to encrypt information so that similar thefts do not put confidential information into the hands of the thieves.

Loic Flaguel from Alcatel-Lucent, said: “With Irish laptop losses occurring so frequently, many now argue that these devices should be banned from holding any sensitive data at all - a knee-jerk reaction that would undermine years of progression towards a more flexible and responsive workforce.

 

“If people want 21st Century services, this just isn't an option - nor is relying upon workers, many with limited IT skills, to adhere to multiple safe computing regulations.

“Today laptop data loss is entirely preventable and therefore totally unacceptable. The tools now exist to lock-down mobile devices and avoid jeopardising confidential information, without resorting to banning mobile data. Taking these proactive security steps should be the number one priority for organisations to avoid future breaches of data security.”