[ISN] Laptop with more than 5, 000 patients' details stolen from hospital

From: InfoSec News (alerts@private)
Date: Fri Feb 15 2008 - 00:10:01 PST


http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=514463&in_page_id=1770

The Daily Mail
14th February 2008

A laptop containing personal records of more than 5,000 out-patients has 
been stolen from an out-patient clinic at a hospital, it was revealed 
today.

Thousands of letters were this week being sent to patients warning them 
that the laptop containing their names, addresses, birth dates and 
medical details had gone missing.

The theft from Russells Hall Hospital in Dudley, in the Black Country, 
comes in the wake of several high-profile laptop thefts including one 
belonging to the Ministry of Defence from a car parked in nearby 
Birmingham.

The computer was taken on January 8 from the anticoagulent clinic, which 
deals with people who suffer from blood-thinning problems.

Police were informed at the time but the 5,123 patients involved have 
only just been told.

Russells Hall today apologised and reassured patients that the database 
is password-protected.

But trust chief executive Paul Farenden admitted the laptop, a Fujitsu 
Siemens C Series Lifebook, had not yet been fitted with a new 135,000 
data security system currently being implemented at Russells Hall.

He said: "Clearly this is a serious issue. We take precautions to try 
and protect all the IT equipment in our hospitals from theft but given 
this is a public building with thousands of people accessing it every 
day, there are inevitably practical difficulties around security.

"Our security team works very hard to ensure the safety of our staff, 
patients and visitors, but it is very difficult to mitigate against all 
deliberate acts of theft.

"We would like to apologise for any concern this matter has caused those 
patients affected, and would like to reassure them that the information 
on the database is unlikely to be recoverable."

He said a username and password was required to operate the computer, 
and a separate username and password was needed for the database.

There was no evidence that patient information on the stolen laptop had 
been accessed, he added.

One 55-year-old patient from Wombourne, who received her letter this 
week, said: "Whoever is now in possession of these details can open a 
bank account in my name and run up all kinds of debts."

The letter to patients signed by three senior staff describes the theft 
as "very unfortunate".

A police spokeswoman said: "West Midlands Police is investigating the 
theft of a laptop computer from Russells Hall Hospital on January 8, 
2008.

"The Fujitsu Siemens Lifebook laptop was taken from an office in the 
outpatient department some time between 2.15pm and 4.15pm.

"Anyone with information about the incident is urged to call Dudley 
police station on 0845 113 5000."

Last week it emerged a laptop containing the personal details of up to 
14,000 convicted criminals was stolen from Birmingham Magistrates Court 
over Christmas.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Fri Feb 15 2008 - 00:27:28 PST