East Surrey Hospital lost details of 800 patients on unencrypted USB stick

News has emerged that East Surrey Hospital lost the details of 800 patients stored on an unencrypted USB stick in 2010, in yet another data protection blunder by the NHS.

The incident came to light in the Surrey and Sussex Healthcare NHS Trust's annual report for 2010-2011, seen by local paper Crawley Observer, which also revealed nine other "near misses" where information was lost but later recovered.

V3 contacted Surrey and Sussex Healthcare NHS Trust for comment on the matter but had not received a reply at the time of publication.

The Information Commissioner's Office (ICO) was informed of the incident last year, and a spokesperson said that the Trust was reprimanded over the incidents, although no formal action was taken.

"The ICO warned the organisation that its policy covering the storage and use of personal data must be followed by staff, and the Trust must make sure staff are aware of the policy and are appropriately trained on how to follow it," the spokesperson said.

"The Trust was also warned that any repetition of such an incident may result in formal regulatory action."

Grant Taylor, UK vice president at security firm Cryptzone, described the loss as an "utter disgrace" that highlights poor data protection practices in the NHS.

"Had this been a private company, rather than an NHS Trust, the organisation would have been publicly censured and a large fine levied under the Data Protection Act," he said.

"The fact that this is a government agency that has experienced a total of 10 data loss incidents - and one where the data was not recovered - is highly questionable."

The NHS has one of the worst records for data handling. Recent losses include details on eight million patients on a laptop that was stolen, and 1.6 million details sent to a landfill site on a CD.

Despite this record, no NHS body has been fined by the ICO, although the watchdog revealed last week that more penalty notices are to be issued in the near future.