Lost memory stick contained confidential patient records

Graham Cluley
Graham Cluley
@[email protected]

With apologies to Andrew Lloyd-Webber and T S Eliot:

# Memory sticks
All alone in the dustbin
I can smile at the old days
I was more careful then
I remember the time I knew what security was
Let the memory live again #

Yep, it’s another day, another data loss story.

Sign up to our free newsletter.
Security news, advice, and tips.

According to a report in a British tabloid newspaper, the sensitive records of 200 patients suffering from psychological disorders have been found on a portable USB thumb drive found in the road.

The data, which originated from Richardson Hospital in County Durham, details not only the patients’ names, dates of birth, addresses and National Insurance numbers, but also contains highly confidential notes detailing their history of drug addiction, self-harm, sexual abuse and suicide attempts.

A member of the public is said to have found the memory stick in the street. Tees, Esk and Wear Valleys NHS Trust admitted that there had been a serious breach of security, and blamed a computer technician for taking records out of the hospital.

This is just the latest in a long line of incidents involving organisations who have proven to be careless with the sensitive data entrusted to them. If the data had fallen into the hands of an identity thief, rather than a law-abiding citizen, then they would have had a field day with the information contained on the drive.

Some of the mental health patients affected by this data breach have told local newspapers how disturbed they are about the lax security.

I hate to sound like a broken record, but there wouldn’t be such a hoohah about incidents like this if more organisations took the step of ensuring that all sensitive data copied onto portable media like USB drives was properly encrypted. Every member of staff inside your company needs to understand the importance of taking proper care of data, and not acting irresponsibly.

* Image source: Nedko’s Flickr photostream (Creative Commons 2.0)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.