I got a call this morning from BBC Radio Lincolnshire, asking me to go on their news programme. Tim, the researcher who rang me, told me that memory sticks containing the confidential details of 26,000 patients had been lost in the county.
That in itself wasn’t news, as the USB drives were first reported missing back in the summer, but it has only now been revealed that the devices contained the names, addresses, phone numbers, and NHS referral details of 26,000 people who had participated in NHS Lincolnshire’s Smoking Cessation scheme.
A spokesperson for the NHS told the BBC that most of the information could be found from public sources such as the electoral roll and the telephone directory.
Well, excuse me, but my phone book doesn’t list everyone’s NHS number.
Yes, a lot of information can be gleaned regarding individuals if you manage to access the electoral roll or birth registry, but having it available in electronic format on a memory stick certainly makes things much more convenient for an identity thief.
We can hope that the lost sticks might be lost somewhere in a washing machine or down the back of an armchair, but there is always the risk that they might fall into the hands of the unscrupulous. As we described in our recent Security Threat Report 2009, the incidents of data loss – whether it be accidental or otherwise – are on the rise, and all organisations should put proper controls in place to minimise the impact.
* Image source: bachmont’s Flickr photostream (Creative Commons 2.0)