Chapter 4

[Ian G Batten]

On Fri, 14 Mar 2003, Ross Anderson wrote:

> The latest NHS initiative appears to be moving the notes kept in your
> GP's surgery on to central servers. Very convenient, you see - the poor
> GP no longer has to worry about tiresome things like backup

http://www.theregister.co.uk/content/55/29752.html

   Health bosses in Lancashire are facing awkward questions after
   confidential medical records of 13 cancer patients found there way
   onto a portable memory stick, which was repackaged and sold as new to
   a Crewe estate agent.

But I'm sure the Home Office will tell us that records seized under the
RIPA won't have anything like this happen to them, oh no.  In this case,
the data protection manager [*] says "We are treating this with the
utmost gravity. It is a serious incident. There has to be additional
security put in place to make sure this situation is not repeated."  He
didn't mention words like `discipline', but then in the world of the
public sector no-one is accountable for anything much anyway so they
probably don't know who did it.

  It seems medical records of patients (dating back to 1999) were copied
  from a hospital PC onto a portable memory stick. We don't know who did
  this, yet.

  How this stick was subsequently obtained by a unnamed Crewe reseller,
  who sold it (as a new, blank stick) to estate agent Dawn Rozzell for
  ?30, also remains unclear.

  In any case when Ms Rozzell connected the stick to her PC she had
  quite a surprise - it contained "the dates of birth, home addresses,
  telephone numbers, family medical histories and GP details" (dating
  back to 1999) of 13 cancer patients, the Bolton Evening Newsreports.

ian

[*] I'm one of those.