Medical data on over 6000 prisoners lost on USB stick

Filed Under: Data loss

More than 6,000 prisoners and ex-inmates from Her Majesty's Prison Preston, Lancashire, have had their personal medical details exposed by the loss of a memory stick, according to media reports.

The memory stick carried data relating to 6,360 prisoners who have been treated by local health workers since 2000.

In scenes worthy of a Whitehall farce it was revealed that although the data on the lost USB flash drive was encrypted, the password to unlock the encryption was written on an attached note.

Data held on the memory stick included data on the prisoners' ailments, such as diabetes, asthma, mental health and sexual health. Furthermore, the flash drive contained documents, including details such as prisoner surnames, their age range, cell location, prison number and clinic appointment times.

When people are sent to prison we expect them to be put under lock-and-key, with no chance of accidental release. It's a shame we can't seem to expect the same level of security when it comes to their personal information.

In this case the security of the device appears to have been utterly ham-fisted - with the benefit of encryption completely undone by the lax attitude to keeping the password secret.

* Image source: Nedko's Flickr photostream (Creative Commons 2.0)

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.