East Midlands Ambulance Service loses patient data again

'Obsolete' device 'could be still on our premises'

The East Midlands Ambulance Service has lost a data storage device containing 42,000 patient report forms - the second time it has lost sensitive patient data in three years.

The ambulance service has reported the loss to the Information Commissioner's Office (ICO), which is now investigating the incident. As it's not the first time the service has lost patient data, it now faces an ICO fine.

Sue Noyes, East Midlands Ambulance Service chief executive said: "We express sincere apologies for a patient data loss incident which we have reported to the Information Commissioner."

She said a data cartridge [like the one pictured] containing just under 42,000 electronic copies of scanned handwritten patient report forms - which are believed to be from September 2012 to November 2012 - went missing from the service's Beechdale divisional headquarters in Nottingham.

She said "the cartridge is small" and that there was "a possibility that it is still on our premises". She added that a "thorough search of the building" was being made.

Noyes added: "We are certain the data can only be read via specific hardware which we have in our premises, and which is no longer in production i.e. it is obsolete.

"Therefore it is unlikely that the information stored on the missing cartridge can be viewed by anyone outside of the organisation."

The loss has also been reported to Nottinghamshire Police. Noyes said the data loss was "extremely unfortunate", as during this financial year the service is replacing the current computerised storage system to strengthen security arrangements.

The ambulance service said "information governance training" takes place annually at the organisation, and features in the induction for new recruits. It said an internal audit earlier this year, provided "significant assurance that there is a sound system in place to support information governance".

However, East Midland Ambulance Service has form. In July 2011, it was reported that five NHS trusts had been issued with ICO undertakings, all of which the data protection body said "relate to incidents where they failed to take appropriate steps to ensure that sensitive personal information was kept secure".

Among the undertakings, East Midlands Ambulance Service NHS Trust lost an unencrypted memory stick containing sensitive personal data relating to a number of patients.

Regarding the latest incident, people who received an ambulance response during September 2012 to November 2012, and who had their details recorded in handwriting on a paper patient report form, can contact the ambulance service for more information, it said.

Image: A photo by the East Midlands Ambulance Service of a device similar to the lost cartridge

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about ICO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antony Savvas

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place