News RSS Feed


Essex: Health boss apologises after data stolen

2:07pm Monday 30th June 2008

comment Comments (27)   Have your say »


Colchester Hospital University NHS Foundation Trust's statement in full: On 18 June 2008 a laptop computer was stolen from a senior manager's car after it was broken into in Scotland. The police were called immediately and the Trust is cooperating fully with their investigation.

The computer contained personal information on several thousand of our patients, amongst many other files of less-sensitive data. The lists contained details including patients' names, their date of birth, postcode, hospital number and the hospital procedure the patient was about to undertake.

In a letter to the affected patients, Trust Chief Executive Peter Murphy apologised for the distress this incident may have caused.

He said: "The Trust offers all affected patients its sincere apologies for putting their confidential information at risk. The computer was password-protected and only authorised staff with the correct password could access the data. But as the data was not encrypted there is a very small chance that patient details can be accessed.

"We believe the data will almost certainly be wiped by the thief for a quick sale. Nonetheless, we owe it to our patients to protect their personal information and we have reminded our staff not to store this kind of data on laptops in the future.

"We have also set up a helpline for patients to ring for further information and the number is on the letter sent to the patients affected. If patients have not received this letter, their details are not on the lists stolen."

The Trust has not lost any patient data as a result of this incident. All of the files on the stolen computer were copies and the Trust still holds all of the information on its secure patient database at the hospital. No appointments will be affected.

Mr Murphy concluded by saying: "Patients and the public should be reassured that the Trust takes security and patient confidentiality very seriously. We are holding an investigation into how this incident occurred and its consequences and have suspended the member of staff involved until the investigation concludes."

Print article » Email to a friend »

Your Say YourColchester

Colchester NHS Patient, Colchester says...
2:35pm Mon 30 Jun 08

Message to Trust Chief Peter Murphy.

Why the h*ll where the details of Colchester hospital patients doing on
on a laptop in Scotland?

Will every patient who has their ID details stolen as a result of this theft and employee stupidity be properly
compensated by the Trust?

Does the Trust plan to sack the stupid employee who took this data sensitive laptop to Scotland?

Will Peter Murphy be sacked as a result of this massive data breach?

Mr Murphy is making a big assumption that the data will be wiped before it is sold on by the thieves.

Are Peter Murphy and the Trust aware of the massive market there is for stolen ID details?

Why aren't our useless councillors and MPs asking these questions - given that they are paid a kings ransom to act for us?





Report this post »

Mrs PJ Turner, Colchester says...
3:46pm Mon 30 Jun 08

If proper written procedures are in place to prevent this problem, then the individual staff member should be sacked. If procedures are not in place then the responsible higher manager should be sacked. No 'ifs or buts' Severe disciplinary action is needed or it will only happen again!

Report this post »

Fed-up Patient, Colchester says...
4:10pm Mon 30 Jun 08

A few days after the gazette reported Richard Bourne will be paid £30,0000 for being chair for the trust, we hear that details of 2,000 patients have been lost. This is a scandal which I hope Richard Bourne will personally apologise for,but I doubt it Who is surprised though as leadership at the hospital is non existent....

Report this post »

Ex Labour Voter, Colchester says...
4:32pm Mon 30 Jun 08

Richard Bourne another Labour pig with his nose in the trough.

I still can't forgive myself for voting for Labour into power during the past three General Elections. Never again. I am truly sorry.

Report this post »

WTF?, Essex says...
7:46pm Mon 30 Jun 08

How exactly does a thief wipe the laptop without having access to the hard drive?

Report this post »

really angry, colchester says...
10:51pm Mon 30 Jun 08

I can't believe these idiots in charge of our personal details. Myself and my family had a major accident last year and all of us got a letter today. like we need more stress from morons in places of power.
people should be sacked and e eryone effected compensated. Fraud is rife and the government do nothing about it. sack them 2 how many more mistakes are these people allowed to get away with.
In a car, in scotland what the hell 4, who allowed this? Mr Murrey? A few letters isn't good enough the implications for my family and others is huge, i for one dont need the stress.
What is going to happen now thats what i want to know!!!!!

Report this post »

gutted by the stupid NHS managers, Essex says...
10:55pm Mon 30 Jun 08

Exactly how many were affected I wonder, there are only two of mu family undergoing investigation with this NHS and we have both received letters regarding the stolen laptop this for my family is 100%.

I work in IT and if given the stolen laptop could access the information within 10 minutes!!!!!

Sack the senior manager and make him handwrite apoligies to all patients and sack Mr Peter Murphey for his stupid comment regarding the fact that the data will be overwritten - an assumption - was there any indication ie asset tag that the laptop was NHS property, given markings on desktops at Colchester General I suspect that there may have been.

Sack them both and also ensure that the NHS employ IT staff who are capable of enforcing encription on laptops.

Report this post »

sarah, clacton says...
12:31am Tue 1 Jul 08

we got the letter today
after getting cloned twice last year, we are not happy bunnies
will it ever end
security in this county is a joke!
quote

Report this post »

Red Tape, Colchester says...
6:51am Tue 1 Jul 08

I suppose in the same way that Chief Execs award themselves huge bonuses when things go well, in this case the CE will face a multi-£100k fine for a major security breach?

Report this post »

asto, colchester says...
7:08am Tue 1 Jul 08

We received a letter in relation to our 2 year old son. It is the second time this has happened to him. Last year data relating to his time in special care in Croydon was left in a supermarket. Now, we have someone taking data on a drive to Scotland. So not only was it at risk up there, but for the whole journey, which would not have been short.

The trust apologises for putting data at risk, but in fact that is a nicety to avoid admitting a breach. And because of the sham of password protection a breach is only theoretical until proven.

As for compensation, that would only arise in the event of an actual loss which could be proven to be a result of this data breach. Candidly, with so much data fraud these days no-one could establish this. There should however be a standard fixed compensation for any data loss. It would not need to be a lot - even £100 would amount £200,000 in this case and that would be enough to ensure future problems being avoided.

Report this post »

Mal, Colchester says...
7:29am Tue 1 Jul 08

We've got two Labour councillors on the boards of the two local primary care trusts (PCTs). Essex Labour councillor Richard Bourne who is also Chairman of Essex Three Rivers PCT and Labour Borough councillor Tim Young who is on the board of North East Essex PCT. Both of these councillors need their backsides kicked for these data security breaches which have caused a huge leve of upset and distress to the people of Colchester.

Report this post »

Joe Blogger, Soapbox says...
9:37am Tue 1 Jul 08

This 'senior (mis-)manager' who is so free and easy with patient details should be NAMED. His/her actions should remove any right of anonymity !!!

Report this post »

Tina, Colchester says...
12:35pm Tue 1 Jul 08

Why would a "senior manager" need to have data including the personal details of patients and their procedures? It appears the Trust and others may be focussing on the loss of the laptop (and the risk it may or may not pose - and I also work in IT, and agree it could be accessed remarkably swiftly, password or no password), to deflect attention from the bigger issue.

That someone was able to have personal details on his/her computer, presumably without any business need, suggests the Fata Protection/Security measures in force are woefully inadequate!

Report this post »

Jack, Maldon says...
2:35pm Tue 1 Jul 08

And why do I believe our details on ID cards will not be safe? All Data banks are liable to fraud, criminal activity and /or stupidity. Once our ID card details get stolen...

Report this post »

Brenda, Clacton says...
4:32pm Tue 1 Jul 08

I also received a letter and I'm not happy ,Why was this laptop with my details and others taken off the Hospital premises and taken to Scotland ?

Report this post »

I`m SO angry!, Stanway says...
5:25pm Tue 1 Jul 08

I have always been so careful to shred anything carrying ANY personal information only to have some IDIOT negate my precautions.He (or she) should be publicly named & made responsible for any loss, financial or otherwise, suffered by any of us!!!

Report this post »

Cliff, Colchester says...
5:31pm Tue 1 Jul 08

If anyone wants to take my stolen details and undergo the procedure I am due to have then good luck to them is all I can say!

Report this post »

Len Harvey, colchester says...
7:11pm Tue 1 Jul 08

as one whose information has been stolen why have the hospitl not published the name of the person who took the laptop to scotland, I am now awaiting cancellation of oncoming appointments

Report this post »

Karen, colchester says...
7:37pm Tue 1 Jul 08

My details were on the laptop.
The letter from the Chief Executive was an insult to one's intelligence. The assurances about future appointments treatment is totally missing the point. We are talking about stolen identity Mr Murphy.
It also occurs to me the possibility of my Next of Kin details being at risk.
I suppose the person responsible has been suspended on Full Pay?? If so, why?
Will we be informed of the result of the investigation?
I am furious that the Trust have been so cavalier with personal details & did not even feel it necessary to inform ayone for 2 weeks!!



Report this post »

margaret, tendring says...
7:59pm Tue 1 Jul 08

Managers work from home legitimately. Managers use laptops to log on securely from home. Managers look at this data as part of their day job. Managers take work home. Is this news?
There was no financial info stolen.
There was no health record stolen.
there was no Next of Kin details.
Nearly all of the data is available on the Electoral Register and elsewhere. For instance, go and look at http://www.192.com/s
earch/people.cfm
And let's keep it in perspective: it was stolen from a car 400 miles away in Edinburgh. Don't be naive as to how hard it is to get data like this from legitimate sources.
And it took 10 days to get 21,000 letters written, printed, stuffed and posted.


Report this post »

SE16, Colchester says...
9:31pm Tue 1 Jul 08

I like many other today received the letter from the trust. What the hell is going on. Why did a senior manager need our medical details on his laptop. I always thought that records were confidential and only available to the medical teams dealing. Still can't understand why records were in the hands of non-clinical staff. ID fraud is rife,and due to the nature of my Job this could compromise my job. I like other people we know, who have received are considering seeking legal advice as this is a total breach of the Data Protection Act.

Report this post »

Mel Battle, sparkle says...
9:54pm Tue 1 Jul 08

I also received the letter. What makes it ever more curious- is there seems to be no actual link as to why we are all compiled into one record anyway. Where is the common denominator other than attending the hospital for an app/treatment.
Why would a senior manager have such random app info on his laptop. I could almost understand an audit of such appointments of all those undergoing treatment for x etc.
But it is so random- some for accidents for children, some for pregnancy (me) some for traumatic treatment.
Oh, of course, I am SO relieved that my next appointment will not be affected.
Purlease. The Trust is being run by imbeciles. Trust, is totally the wrong word to use.

Report this post »

tired manager, tendring says...
7:08am Wed 2 Jul 08

I always thought that records were confidential and only available to the medical teams dealing.
As someone who works in the hospital can I assure everyone it was NOT medical records - just appointment data.
Why did a senior manager need our medical details on his laptop.
This data is used by managers to ascertain how many are on a waiting list. In fact to the average member of the public we could call it a list of people waiting or a 'waiting list'! That is what was on the laptop. Managers use that data to check that people are being seen in time.
Oh, of course, I am SO relieved that my next appointment will not be affected.
Purlease.
And the bit about your next appointment was that some people thought that the hospital had lost the original files - and not (as is the case) had a COPY of the data stolen.

Report this post »

sarah, colchester says...
7:17am Wed 2 Jul 08

hi i also got a letter,does this mean whoever stole the laptop can pretend 2 b one of us and get credit or stuff like that

Report this post »

Tina, Colchester says...
12:35pm Wed 2 Jul 08

Sorry, but I think "Tired Manager" is rather missing the point.

I appreciate that managers need to ascertain how many people are on a waiting-list. To do so, though, they do not require patient-specific information. The data required should have been anonymised - and would still have been fit for purpose.

Report this post »

Paul Searle, Head of Communications, Colchester says...
4:37pm Wed 2 Jul 08

Chief Executive Peter Murphy has written this afternoon to the Gazette newspaper as follows:

Dear Letters Page
Following the coverage in the media about our Trust’s laptop computer stolen from a senior manager’s car I wanted to quash some rumours and reassure affected patients on two points.

First, there were no medical records or detailed medical history on the laptop. Second, there was no financial information nor any National Insurance number on it either.

Speculation has been rife and this is causing further worry to the affected patients.

I reiterate that I consider the incident to have been a serious breach of procedure. I am fully aware of the distress this incident has already caused and once again apologise to everyone affected.

May I take this opportunity to say that if you have not received a letter from the Trust on the incident by now, you will not have been one of the affected patients.

Yours sincerely,



Peter Murphy
Chief Executive
Colchester Hospital University NHS Foundation Trust

Report this post »

red tape, says...
10:49pm Wed 2 Jul 08

Thank you Mr Murphy for posting that last comment. I hope it will help people.

Report this post »

Your sayYourColchester

comment Add your comment

Register for a FREE Gazette account and you can have your say on today's news and sport by adding comments on articles we publish. The best comments may even get published in the paper.

Please register now or sign in below to continue.




Forgotten your password?

In this section

Essential Links

Sponsored Links


Editor's Choice

Open space - plans were submitted for a hotel and six business plots at Horsley Cross. Picture: TERRY WEEDEN (46783-1)
Tendring: 150 jobs, but site is wrong

Plans for a business park on green land in Horsley Cross have been refused, it has been announced.

Watch out for the birdie - Kevin King, course manager at Stoke-by-Nayland golf club, on the lookout. Picture: TERRY WEEDEN (81340-1)
Stoke-by-Nayland: Golf club’s birdie of a different kind

They are used to birdies at Stoke-by-Nayland Golf Club, but certainly not those with a six-foot wingspan.

Tendring: Residents shaken by Army testing

Bomb disposal practice by troops set to go into war zones caused a noise nuisance for coastal residents.

Crash scene - Dutch national Johannes Van Nierop admitted to a charge of careless driving. (79293-3)
Marks Tey: Dutch trucker guilty of careless driving

A lorry driver whose trailer overturned on an A120 roundabout and spilled some of his load has admitted careless driving.

Braintree: Sixth form full before it’s open

A new multi-million pound sixth form is likely to be oversubscribed after a nearby college axed A-Level courses.

Easter joy for U's

Colchester United manager Paul Lambert has swooped to sign Plymouth Argyle striker Jermaine Easter on loan.

Loan move for Cureton?

Jamie Cureton is willing to strike out with Colchester United again.

Adoption - today only a small percentage of babies are put forward by birth mothers. The rest are children who have been in the care system. Sub pic
Finding needy children a new family ... for life

Angelina Jolie and Madonna have turned adoption into a globe-trotting, glamorous must-have.

Making movies - Leah Cooper with her film The Prank playing in the background. Picture: STEVE ARGENT (81297-2)
Lights, camera, action... young film-maker has big screen test

For someone so young, Leah Cooper has a great, quirky sense of humour.



Local Advertisers


Local Information

Enter your postcode, town or place name

House prices »   Schools »   Crime »   Hospitals »