Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Security / Data Leaks

Data Leaks

Medical Records of Thousands of UK Prisoners Compromised

The data was stored on a misplaced USB memory stick

By Lucian Constantin, Web News Editor

13th of January 2009, 09:07 GMT

Adjust text size:


USB stick containing medical records of UK prisoners was lost
Enlarge picture
A USB stick containing medical information on 6,360 prisoners incarcerated at Her Majesty’s Prison Preston has been lost by a worker from the Central Lancashire Primary Care Trust.

Trust representatives explained that the memory stick was used to backup the database of the prison's clinic. “We are taking this very seriously, and we would like to apologize unreservedly for any concern this incident has caused,” a spokesperson said.

The information that was compromised included the prisoners' names, age range, prison, and cell number, along with details about serious ailments, as well as mental and sexual health status, dating back to 2000. In addition, the dates of their clinic appointments and scheduled reviews were also contained on the stick.

The memory stick was encrypted, which is rarely the case with data leak incidents that involve such lost storage devices. However, ironically enough, a note containing the password was attached to it. “In this case, the security of the device appears to have been utterly ham-fisted – with the benefit of encryption completely undone by the lax attitude to keeping the password secret,” Graham Cluley, senior technology consultant for Sophos notes.

“When people are sent to prison, we expect them to be put under lock-and-key, with no chance of accidental release. It’s a shame we can’t seem to expect the same level of security when it comes to their personal information,” Mr. Cluley concludes.

The Trust is in process of contacting the prisoners in order to inform them about the risks they have been exposed to. Furthermore, all the memory sticks carried by the staff in the area have been called back and a review of the security practices is pending.

This is not the first time when prisoner information is being lost in the UK. In August 2008, PA Consulting, a firm contracted by the government, misplaced a memory stick containing the unencrypted personal details of 84,000 prisoners, including some of the most dangerous criminals. In addition, prison staff across UK were also exposed to similar risks when another company, contracted by the British Ministry of Justice, lost a portable hard-disk drive.

Other major data leak incidents, for which the UK government is directly or indirectly responsible, involved the loss of records on 25 million consumers by the HMRC, the British department responsible for tax collecting, or the theft of a hard drive containing the personal details of 50,000 retired and active military personnel from the offices of Service Personnel and Veterans Agency.

TAGS:

 HMP Preston | prisoner information | Central Lancashire Primary Care Trust | USB stick | medical records
Read by 1,135 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
NOT RATED 0 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Royal Laptop Stolen Along with Intimate Pictures

Sensitive Data Leak Frenzy Hits Germany

Every Compromised Identity in UK Is Worth $22,000

Sensitive Data Leak Incident Hits the Bank of Ireland

The Records of UK's Tax Payers at Risk of Being Compromised

Yet Another Data Leak from the UK Ministry of Defence

Prison Staff Unencrypted Information Lost

Important Scottish Newspaper Leaks Private Data

Personal Information of UK's Most Dangerous Criminals Lost

User opinions:


Comment #1 by: Joe on 14 Jan 2009, 22:17 GMT reply to this comment

This is why a dlp solution, which first determines if the data should be blocked (accuracy rate needs to be 100%) MUST be in place as encryption alone is not enough.

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive