A laptop containing hospital records of over eight million people has gone missing, according to a report in The Sun.
The laptop was one of 20 that have gone missing from a store room at London Health Programmes, based at the NHS North Central London health authority. According to the report eight have been recovered with the search ongoing for the other 12. The loss occurred three weeks ago but has only just been reported to the police, according to the report.
One of the missing laptops contained sensitive details of 8.63 million people as well as records of 18 million hospital visits, operations and procedures.
Although the missing data does not include names it does contain postcodes and details such as gender, age and ethnic origin, according to The Sun. Details of cancer, HIV, mental illness and abortions were also contain in the records.
Information contained on the laptop was not encrypted, which Nick Lowe of security firm Check Point described as "essential" to safeguard personal records.
"The scale of this potential data loss drives home just how essential it is to have mandatory, strong encryption on all sensitive, personal on laptops and portable storage devices – even if those devices are stored in supposedly secure areas within buildings. Less than half of all UK firms encrypt their laptops, so data security is still being mostly left to chance," he said.
The Information Commissioner’s Office (ICO) is looking into the loss. Chris McIntosh of ViaSat UK called on the organisation to impose meaningful sanctions.
"The ICO has proven several times that it is willing to impose civil penalties on public sector organisations. It is to be hoped that the ICO acts swiftly and decisively to pass a strong message in this case and that, more importantly, the data on the laptop itself doesn’t end up in the wrong hands. If it does, innocent members of the public could find extremely sensitive, personal information that should have been strictly confidential being used against them," he said.
"When a machine contains highly sensitive information on literally millions of patients, not securing the data on it by any means possible isn’t just careless: it’s sheer negligence. With the value of the data on such a machine in the tens of thousands of pounds, spending a little extra on security should be a no-brainer," McIntosh added.