London Health Programmes, a branch of the NHS in the UK, has suffered one of the largest medical data breaches to date with the loss of a single unprotected laptop. A laptop with 8.6 million medical records has gone missing.
The laptop went missing in late May from a London Health Programmes storeroom, along with 19 other laptops, and the loss was reported 3 weeks later. The laptop was unencrypted and contained sensitive details for 8.63 million people, along with millions of other records on hospital visit information. Though the data did not include names, other information in the records could be used to identify individuals.
Though the laptop was password protected, it was not encrypted. It's also not clear why a laptop holding such vast amounts of data was being kept in a storeroom, nor whether the laptops were mislaid or stolen. Neither encryption nor physically locking up a laptop provides enough protection for data. Research shows that only 2% of the cost of a stolen laptop is due to actually replacing it, so take a layered approach to data protection to proactively supplement your defences.
The NHS does not have a strong history of data protection, with 165 security breaches reported to the ICO in 2010/2011. We've talked in the past about the issues surrounding healthcare and data breaches here.