Yet another NHS Trust has been found wanting with its data protection policies after an unencrypted USB device containing sensitive patient records was lost on a train by a junior doctor.
Data protection watchdog the Information Commissioner's Office (ICO) said that the East & North Hertfordshire NHS Trust was in breach of the Data Protection Act.
Nick Carver, the Trust's chief executive, has been forced to sign an undertaking with the ICO promising to improve staff training and conduct regular monitoring for compliance with security procedures.
It emerged that the doctor had not been aware of the Trust's data protection policies, and did not have access to email to receive policy reminders and updates.
The ICO also said that the Trust's policies on the use of personal USB sticks were unclear, and that no technical measures were in place to prevent the misuse of portable devices.
Mick Gorrill, head of enforcement at the ICO, warned that storing sensitive information on USB devices is a risk that NHS Trusts "should not be willing to take".
"If it is vital to store information for handover, this must be done with the highest security measures in place," he said.
"Furthermore, it is vital that employees are fully aware of processes which could have prevented this incident from occurring."
Chris McIntosh, chief executive of encryption firm Stonewood, argued that education needs to be put in place alongside strong controls.
"It is not enough for governments and other bodies to insist that data is not stored on an unencrypted device," he said.
"While organisations as a whole may know the value of encrypted data, it is imperative that not only do the workers know this but that controls are put in place to ensure that there is no way for information to be saved on unencrypted storage at any point in the first place."
Robert Rutherford, managing director of consultancy QuoStar Solutions, went further, branding the incident "scandalous and avoidable".
"Either a decision was taken not to invest in proper controls at board level or there is a lack of aptitude and awareness within the IT department," he added.
"It is straightforward to control which devices people have access to and to enforce encryption onto them for files and folders copied from the corporate network."
The news comes just one month after Royal Wolverhampton Hospitals NHS Trust lost a CD containing over 100 records.
Two months previously, Gorrill warned that NHS departments are still making far too many mistakes, after incidents at Basingstoke and Stoke-on-Trent trusts.