Patient details on stolen hard drives

3:50pm Tuesday 10th January 2012 in News

Confidential information belonging to tens of thousands of patients and staff were at risk of being exposed after computer hard drives were stolen and put up for sale on eBay.

The hard drives were taken from computers in a locked store at Brighton General Hospital where they were being decommissioned.

Brighton and Sussex University Hospitals NHS Trust now faces a £375,000 fine from the Information Commissioner’s Office (ICO) for a breach of the data protection act.

The trust says it will be contesting the fine.

A 36-year-old man from Seaford was arrested on suspicion of theft and bailed several times but the Crown Prosecution Service decided to take no further action.

The trust has been served with a notice of intent to fine by the ICO and has until January 23 to respond before a final decision is made.

The incident relates to the theft of 232 drives out of 1,000 being decommissioned.

The Sussex Health Informatics Service was responsible for the disposal of the drives on the trust’s behalf and had appointed an individual to carry out the job.

In December 2010 it emerged four hard drives had been bought by a data recovery organisation on eBay.

The buyer contacted the trust and the drives were collected with the information destroyed.

An investigation revealed that 232 hard drives in total had been stolen and sold on.

The trust worked with the ICO, NHS Counter Fraud and Sussex Police and all the drives have been recovered.

The trust says there was a very low risk of any of the data being passed into the public domain.

But the ICO accused the trust of failing to take appropriate technical and organisational measures against the accidental loss of personal data.

It said this was “likely to cause substantial distress to data subjects whose personal and highly sensitive personal data has been taken by an individual who had not right to see that information.”

Trust chief executive Duncan Selbie said: “This was a crime and we co-operated fully throughout."

More news from The Argus

Daily Echo on Facebook - facebook.com/southerndailyecho Like us on Facebook

Google+ Add us to your circles on Google+

Comments(4)

sussexguy says...
7:29pm Tue 10 Jan 12

"Brighton and Sussex University Hospitals NHS Trust now faces a £375,000 fine from the Information Commissioner’s Office (ICO) for a breach of the data protection act."

Which will be paid for by the taxpayers, of course, while the perpetrators will just get a ticking off.

Report this post »

NickBrt says...
8:54pm Tue 10 Jan 12

Thanks goodness one goes private.

Report this post »

Spanners says...
8:56am Wed 11 Jan 12

I dint really undertand this as - just for once it seems unfair on the Trust to be fined when they were, in effect, burgled from a locked store. Should be covered by insurance at very least, no ?

It seems a bit like if thieves break into my locked house and steal stuff - and then not only do the insurers refuse to pay out but the police hand me a fine !

I know it involves personal data and without a doubt Argus have only given a fraction of the complete picture....but even so

Report this post »

Not 2 Happy says...
5:47pm Wed 11 Jan 12

The error the NHS made was to think that broken hard drives can not be fixed. The hard hard that where on ebay where repaired hard drives and not from the 1000 that where recycled. The 1000 hard drives where taken apart infront of NHS staff (including a manager). 232 hard drives would be in the region of 110kg (not like you could just slip them out) The broken hard drives where purchased as scrap and then sold on when fixed. The 36 year person is being made a scape goat. The NHS should have made sure their broken hard drives where delt with in the same manor as their working hard drives, school boy error!!

From a 36 year old somewhere!!

Report this post »

click2find

About cookies

We want you to enjoy your visit to our website. That's why we use cookies to enhance your experience. By staying on our website you agree to our use of cookies. Find out more about the cookies we use.

I agree