back to article 8m health records go walkabout

A London health authority has admitted losing a laptop which contains 8.6 million health records. The machine was lost three weeks ago, but has only just been reported missing to police and the Information Commissioner's Office. We've asked North Central London health board why it needed to store 8.63 million health records …


This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Down

    What, again !!

    I can't believe that once again, private information has been pinched ("lost from a storeroom") - what a load of bullsh*t. Password protected can be got around; it needs proper encryption. I guess the saving grace (if true) is that no names were on there. As a slightly unrelated side note I did some work for the MoD but at lunchtime everyone disappeared leaving me alone with many computers with no screen saver passwords. I'm so glad we've got a good secure defence strategy.

    1. Anonymous Coward
      Anonymous Coward

      no names = good?

      Seems to me like the rest of that info, used sensibly, could be way better than a mere name for identifying somebody.

    2. Anonymous Coward


      "our policy is to manually delete the data from laptops after the records have been processed"

      They were lost from a storeroom, so that policy was apparently not being followed then was it?

  2. Tom 15

    So basically...

    So basically this is a non-story?

  3. Marky W

    See icon

    I mean, what else is there to say?

    1. Marvin the Martian

      "See icon -- What else is there to say"

      Well... you don't *have* to say anything.

      Especially for a lightweight story --- a Daily Fail worthy "blackmailer's starter kit", but on 8 million nameless records. Yes, a statistician can get some correlations out of it, but I'd like to see the resulting blackmail.

      <<Dear Sir/Madam, as a male resp. female from London N7 you have a 12% resp. 9.5% chance of mental health problems, and 3.2% resp. 3.1% chance of diabetes --- give us £500 or we'll write a letter addressed to "Any Woman on this address" resp. "Any Man on this address".>>

      1. The Fuzzy Wotnot

        It does actually...

        So then you know how higher incidence of a complaint over others, next thing funding gets shifted?

        It doesn't matter that 95% of statistics are utterly useless, it matters that you have them. With stats comes power, usually power to subvert funds from one application to another. The stats are total bollocks but if you're clever enough to blind those with the purse strings you get to drive a big car and live in a big house!

      2. Juillen 1


        A postcode covers a very small segment of houses.

        In those houses, there will be a limited amount of people with the correct ages and genders.

        This information is generally available from a variety of places (council records etc).

        Given the spread of data, you'll be able to determine the date at which the data was captured, giving you the definite ages of people now.

        This kind of info is highly embarrassing for people who wish to keep past mental history away from the limelight, and other health information.

        It's no great shakes to uniquely identify someone from a list like this.. Unless it's all been correctly pseudonymised, such that the laptops only contain tokens for the postcodes (and possibly ages) that can only be accessed by coupling the research back to an originating data set as the final point of calculation.

  4. b-a-r-k-i-n-g-m-a-d

    Truecrypt anyone?

    Have none of these muppets heard of TrueCrypt??

    1. Still Water

      Truecrypt... great, as long as the user doesn't leave the decryption password on a post-it/sticker on the laptop case/keyboard...

      IT security is only as good as the users who have to use it.

  5. Daf L


    "NHS North Central London operates under strict data protection guidance and is taking the matter extremely seriously."

    Hmmm... every company works under strict data protection *laws*, whether you choose to comply with them, as NHS Central London clearly do not, is another thing.

    1. mark 63 Silver badge


      true, they just couldnt be arsed.

      also i believe the NHS head office or whatever has forked out for an encryption solution for the entirety of the NHS , this office could have used that at no cost to them.

  6. Anonymous Coward

    Can anyone recommend a good health provider?

    So, does anyone know of a health provider that takes data security seriously? Preferably one that still uses paper records. (You can't easily walk out the building with 8.6 million paper records, then accidentally leave them lying around on a bus).

  7. Oliver Mayes

    Lets analyse this statement a bit shall we?

    "All the laptops were password protected"

    means - We created an account in Windows with a username and password of admin/admin.

    "our policy is to manually delete the data from laptops after the records have been processed."

    means - We require staff to spend time doing something boring and long winded, ensuring that no-one bothers.

    "We have started an investigation into the issues raised by the loss."

    means - We are paying a consultancy agency several hundred thousand pounds to recommend that we start using encryption.

  8. Trollslayer
    Thumb Up

    I usually disapprove of swearing

    but in this case I think you were very restrained.

    Sadly I doubt the ICO will do anything useful.

  9. Anonymous Coward
    Anonymous Coward

    ICO springs into inaction.

    I bet the ICO are urgently preparing "words of advice" as we speak

  10. The Reaper

    Bit misleading wot

    Sensationalist bollocks...these were anonymous records. I'm more concerned that the NHS is losing so many laptops!

    1. smudge

      May be anonymous, but...

      ...postcode, age, gender, hospital visits, mental illness, etc.

      You can deduce a hell of a lot from a database. Suggest you look up "database inference".

    2. Anonymous Coward

      re a bit misleading


      because re-identification of records from age (probably also date of birth) and postcode is impossible. So patient''s HIV status or record of mental health problems are completely safe.



    3. Anonymous Coward
      Anonymous Coward


      "The records contain no names but do include other identifying information like age, gender, postcode, medical history, hospital visits, HIV status and mental illnesses"

      Anonymous? How many of your neighbours share your birthdate and gender?

    4. This post has been deleted by its author

    5. Martin Milan


      Erm, no.

      Find someone with a nice embarrassing condition - now then - how many people share that postcode? Let's say 20. How many are men? Ok, let's say 8. How many are 43 years old? You do see where I'm going here, don't you?

      Or maybe you'd like something a little more sinister - Pick a celeb, start with postcode etc etc. Would anyone put this past the tabloid press?

      Not feeling quite so smug now, are ya?

  11. Anonymous Coward

    People should be fired..

    Fines don't work (it will be the tax payer who ends up paying anyways) ; kick out the management and make an example of them all.

    The story doesn't make much sense, "One of the machines was used for analysing health needs requiring access to elements of unnamed patient data. All the laptops were password protected and our policy is to manually delete the data from laptops after the records have been processed"

    "The machine was one of 20 lost from a storeroom".. So why wasn't the data deleted? How many more machines are lying around that health authority with data on them?

  12. nichomach

    Wait, what...?

    Contrast the following statements:

    "All the laptops were password protected and our policy is to manually delete the data from laptops after the records have been processed."


    "The machine was one of 20 lost from a storeroom at London Health Programmes - a research body based at NHS North Central London"

    So the machine was obviously inactive and stored. If the policy is to delete the data after processing, how the holy fuck could it have 8.6m records on it? Answer: their response is bullshit; said policy's an arse-covering piece of paper that no-one actually reads, let alone enforces. Dammit, how hard is it to DBAN a laptop when it comes back in and reimage it before reuse?

    1. Anonymous Coward

      Re: Wait, what...?

      I stuck on this same point as well, why are there 8.6m records on a machine that isn't assigned to anyone and is stored? If the machine haven't been stolen, then you can be sure the _next_ user would have had access to those same records. For that matter... the stores people would have had access to that data if one of the staff wanted to use the machine for some _none officially_!

  13. Fuh Quit

    Why the fcuk indeed

    TrueCrypt is free if they're really worried.

    Why oh why does any business (or individual) with a laptop not encrypt the contents. Completely.

    At least there's some security by obscurity - Mrs Moggin's corrective procedure for arse grapes will take a while to find.... :-o

    1. Sir Cosmo Bonsor


      So everything on *your* laptop is encrypted and then decrypted every time you do anything on it?

      Even if you say "yes", I don't believe you.

      1. Anonymous Coward
        Anonymous Coward

        Disk Encryption

        Perhaps it's time for you to upgrade from your 286 and discover the power of 32-bit computing!

      2. Anonymous Coward
        Thumb Up

        mine is

        yes mine is, using the NHS's UK-wide site-licence,

        why these muppets didnt use it who knows?


      3. nichomach

        Look, that's not EXACTLY a big ask...

        ...given that Truecrypt and many commercial products do whole disk encryption; the disk is encrypted, and unscrambled when the user either provides the password or some form of token (biometric, smartcard, whatever). It's policy here now that all laptops are encrypted before issue, so yes, everything on the laptop *is* encrypted and then decrypted before being worked on. Whatever you may believe.

      4. Anonymous Coward


        TrueCrypt and other file / container based encryption solutions only encrypt the files / directories you want. If an application saves data outside that path, it is unencrypyted.

        My corporate has two HDD's, both encrypted with "Full Disk" encryption from Check Point.

        Even the boot sector, page file, operating system, temp files area and empty space are encrypted - therefore there is no opportunity for sniffing information from anywhere.

        Performance impact...? Well you need dedicated testing equipment to tell but it is between 0.5 to 2% - not enough for the user to notice.

      5. Anonymous Coward
        Thumb Up

        Mine is

        Full disk encryption takes care of that, not like you have to manually decrypt the file and then re-encrypt it.

        Kinda think you might not have looked into the range of encryption solutions available

        1. Chris1984

          Truecrypt and USB

          You can even set truecrypt to automatically decrypt and mount an encrypted USB stick using the password that is entered on boot-up - so easy for users now there is no excuse!

      6. Cyberspice

        Yes my entire drive *is* encrypted

        Er, yes, yes everything I do is on an encrypted drive.

        What's wrong with that?

  14. Scott Broukell

    Actually ....

    I've lost a few National Health records myself - the vinyl ones that Dave Stewart and Alan Gowen (and others) were responsible for.

    Note to self - Don't put all your EGGs in one basket. (gettit ;-))

  15. Justin Bennett

    Is it about time

    That the government laid down some standards on data usage & storage... especially that they DO NOT carry such data on laptops but can terminal onto a server via VPN with crypto & good security to process it on internal systems ^o)

    1. smudge
      Thumb Up

      They have done...

      ... a few years ago, and that's exactly what it says. Look for IAS 6 - Information Assurance Standard No. 6.

  16. Dave Murray

    Doesnt add up

    strict data protection guidance...

    delete the data from laptops after the records have been processed...

    was one of 20 lost from a storeroom...

    So why did a laptop in a store room have these records on it if they should be deleted after processing? Surely if it was in a store room it was no longer being used and should have had all data wiped?

  17. CT

    policy, procedure, implementation

    "our policy is to manually delete the data from laptops after the records have been processed"

    "The machine was one of 20 lost from a storeroom"

    It was in a storeroom, waiting for records to be processed?

  18. Dave Bell

    It's OK, it's all "alleged"

    That response is an arse-covering load of crap.

  19. Barry Tabrah

    Laptop passwords have one great weakness

    Post-It Notes.

  20. Anonymous Coward

    Anyone who thinks that 'concerning' is an adjective

    should not be a spokesperson for the ICO or any other body.

  21. Anonymous Coward

    How the hell did this happen?

    I'm an NHS IT support worker. (Don't laugh!)

    The Trust I work for was told several years back from the very top of the tree (the information overlords of the NHS) that ALL mobile devices are to be encrypted. Our Trust has carried this out, as I'm sure have lots of others (otherwise it's balls in the vice time) ... so how the hell has this happened.

    Anon cos of concerns about my job.

  22. Paratrooping Parrot

    Alternative to fines

    Rather than fining the health authority, all the money used to pay the fine will come from the NHS money that is supposed to be for treatment. Give a few month's salary of the muppets who have responsibility of the laptop. Therefore they will have to explain to their families why they have no pay for a few months. This will drive the message into their brains.

  23. Destroy All Monsters Silver badge

    Sounds like a "testing database" to me

    I have seen it all...

  24. Anonymous Coward

    NHS Spine Stuff?

    Is this the reality of that NHS Spine stuff? Is this the kind of security that our Detailed Records (the ones you can't opt out of) are subject to?

  25. Jonathon Desmond

    TrueCrypt? Why go to that much heartache....

    Why don't they just use the McAfee end point software that the NHS centrally licensed some years ago? ( I know the agreement has ended, but the organisations still own the licenses! )

    TrueCrypt is fine if you want everyone to be an administrator. Oh wait..... that's bad too.

    Absolutely NO excuse for an unencrypted laptop though. Someone should be fired.

  26. Anonymous Coward
    Black Helicopters

    Not Annonymous Data

    "The records contain no names but do include other identifying information like age, gender, postcode, medical history, hospital visits, HIV status and mental illnesses."

    If this is the full postcode, then they are normally specific to about 15 houses. So it becomes rather easy to tie together age, gender and postcode, with other public data like the electoral roll, to get a list of 1 or 2 possible people for each record.

    1. Angus 2


      I was wondering how you could get any useful information just having a postcode, your mentioning full postcodes makes much more sense now. Being from OZ our post codes encompass (what sounds like) a much larger area and in many metropolitan areas could cover many tens of thousands of people.

  27. ForceMajeure

    Flagstone HDDs anyone?

    Flagstone HDDs, rock solid but very pricey and users can still leave a post-it note with password on it stuck to the laptop lid... :-/

  28. Anonymous Coward
    Black Helicopters

    Yet, they threaten me with eviction if..

    ..i dont let their staff keep records of me on their flaky system.

    It explains why I recieved this letter today, the important part here being:

    "I understand this is due to your reluctance to have any information recorded on our computer system, RiO. However I am concerned that this means we can no longer see you to assess you mental health needs, and inturn, cannot provide a service to you.

    Although this is your choice and right to decide, I believe part of the criteria for residing at XXXXXX is that you have a Care Co-ordinator and are seen by the community mental health team for support"

  29. Big Al


    AC writes: "If this is the full postcode, then they are normally specific to about 15 houses"

    Fifteen? Heck, in some cases a UK postcode may be specific to just two houses!!! (I used to live in a detached house that shared its postcode only with next door).

    Agree that it's not like in some other countries where the postcode is a whole district or even town, which makes this loss far more worrying than might otherwise appear to be the case.

  30. Alan Brown Silver badge


    No doubt by dragging to the windoze trash bin and thinking that's the end of it.

    Others have pointed out that NHS rules are already there (dictat from on high) and as such the people responsible for this should be facing disciplinary action

    Of course it'd take an extra paragraph in the data privacy law adding personal responsibility for this kind of loss to make most people sit up and take notice - being sent to some mandatory sleep session about data practices isn't as strong a wakeup call as being landed with a 5,000 pound fine.

  31. Adrian Midgley 1
    Thumb Down

    Making big collections

    is a bad idea, and usually without merit.

  32. Winkypop Silver badge

    Data - Shmata

    If you've got nothing to hide....

    1. Fred 24


      Wear clothes and have curtains at home do you? must have something to hide then...

This topic is closed for new posts.

Other stories you might like