A laptop containing 8.6 million medical records has gone missing from an NHS building in London, according to a report.
The computer was lost three weeks ago but police were only informed this week, according to The Sun.
The laptop was reportedly unencrypted and contained sensitive details on 8.63 million people. It also held records of 18 million hospital visits, operations and procedures.
The Information Commissioner's Office (ICO) confirmed it is looking into the issue.
"Any allegation that sensitive personal information has been compromised is concerning and we will now make enquiries to establish the full facts of this alleged data breach," an ICO spokesperson told IT Pro.
Data lost did not include names, but gender, age and ethnic details were held on the laptop. Other data included details of cancer, HIV, mental illness and abortions.
The device was one of 20 that went missing from a store room at NHS North Central London. Eight have been recovered, with searches for the other 12 ongoing.
"When a machine contains highly sensitive information on literally millions of patients, not securing the data on it by any means possible isn't just careless: it's sheer negligence," said Chris McIntosh of ViaSat UK.
"The ICO has proven several times that it is willing to impose civil penalties on public sector organisations. It is to be hoped that the ICO acts swiftly and decisively to pass a strong message in this case and that, more importantly, the data on the laptop itself doesn't end up in the wrong hands."
Nick Lowe, head of sales in Western Europe for security firm Check Point, said the new case again highlighted the need for organisations to better secure their hardware.
"The scale of this potential data loss drives home just how essential it is to have mandatory, strong encryption on all sensitive, personal on laptops and portable storage devices even if those devices are stored in supposedly secure areas within buildings," Lowe said.
"Data security is still being mostly left to chance."
The NHS has come under the data security spotlight numerous times in recent years, thanks to repeated device losses.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
NHS supplier hit with £3m fine for security failings that led to attackNews Advanced Computer Software Group lacked MFA, comprehensive vulnerability scanning and proper patch management
-
Tech leaders worry AI innovation is outpacing governanceNews Business execs have warned the current rate of AI innovation is outpacing governance practices.
-
Cyber attack delayed cancer treatment at NHS hospital
News A cyber attack at Wirral University Teaching Hospital in 2024 delayed critical cancer treatment for patients, documents show.
-
Alder Hey Children’s Hospital confirms hackers gained access to patient data through digital gateway serviceNews Europe’s busiest children’s hospital confirmed attackers were able to steal data from a compromised digital gateway service
-
Major incident declared as Merseyside hospitals hit by cyber attackNews The incident, which has led to cancelled appointments, is just the latest in a series of attacks on healthcare organizations
-
Thousands of procedures canceled at London hospitals as Qilin releases blood test dataNews The attack on blood testing company Synnovis continues to affect patients, while the ransomware group follows through with its threats
-
Ransomware group threatens to publish 3TB of stolen NHS Scotland data after posting proof of attackNews NHS Dumfries and Galloway has confirmed some of the sensitive data stolen during the 15 March attack has been published by a known ransomware operator
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
