Hospital loses personal details of 18,000 NHS staff
PUBLISHED: 16:21 22 September 2008 | UPDATED: 15:24 07 September 2010
By Tan Parsons COMPUTER disks containing the personal details of almost 18,000 NHS staff have gone missing from the Whittington Hospital. Staff fear the information could lead to identity fraud on a huge scale, should it fall into the wrong hands. The fou
By Tan Parsons
COMPUTER disks containing the personal details of almost 18,000 NHS staff have gone missing from the Whittington Hospital.
Staff fear the information could lead to identity fraud on a huge scale, should it fall into the wrong hands.
The four disks lost from the Highgate hospital contain names, addresses, national insurance numbers, dates of birth and payroll details of staff at Camden and Islington Primary Care Trusts, the Camden and Islington Mental Health Trust and the Whittington itself. They also contain details of staff who have left the organisations since 2001.
"I am very concerned," one midwife told the Ham&High.
"People could use this information to burgle our homes. A lot of people who work here are patients here as well. Anyone who has that information could ring up and find out our medical details.
"No one has spoken to us about this. One piece of paper was passed around the office this morning - that's all. We haven't heard from our manager yet. They just don't care about the staff"
Another staff member said she would consider taking legal action if anything happened because of the lost disks.
"They've pushed it too far now. We are talking about people's personal lives and their livelihoods," she said.
"If people get hold of these details they can do anything and everything with them. We aren't allowed to give out patients' details over the phone because of confidentiality agreements, but now our details have just been given away."
The disks were lost in July but the matter only came to the attention of hospital authorities on September 5.
They were destined for IT firm McKesson, which provides payroll services. They were put in an envelope and left in an out tray, but were never seen again.
The security breach echoes a blunder at St George's Hospital in south London, where six laptops containing the records of 20,000 patients were stolen in June.
Hospital head David Sloman issued an apology this week, and promised the alpha-numeric passwords needed to unlock the information on the disks would be extremely difficult to break unless they were found by "expert hackers".
"I'd like to apologise to all the staff who have been affected by this incident. They are passionate and dedicated members of the NHS who work really hard and have made tangible improvements for patients, and they have been let down by this incident," he said.
"It's our responsibility to do everything we can to support them to move forward. The police are investigating the incident and they have told us we should consider it as a loss and that the risk to staff is minimal.
"This is not the first time this has happened in the NHS. Our staff are working with us on this and most are pretty sanguine about it, but the full reaction will become clearer as the day progresses."
The hospital maintains the breach is a one-off and the disks should never have been marked for the post. One employee has been suspended pending an internal investigation and independent security experts have been called in to examine procedures.
"When you employ 2,500 staff you do everything you can to prevent these things from happening, and in this incident someone has stepped outside of our policy," added Mr Sloman.