Revealed: Litany of HSE file security breaches
Figures obtained by the Irish Examiner show the security breaches have occurred across the country over the past four years.
According to Freedom of Information Act records, between Jan 2009 and Dec 2012 a total of 69 devices went missing — 61 of which have since been written off as stolen.
Of these — which mean one item disappeared every three weeks during the period — 51 contained sensitive information, while 20 had no encryption in place.
The material includes 52 laptops, 13 USB sticks, three BlackBerrys, and one iPhone.
The most disappearances occurred in HSE Dublin Mid Leinster, where 28 items were lost during the period including 13 last year alone, and the HSE West, where 26 items were lost including 15 “stolen” laptops from Roscommon in 2009.
The HSE has not revealed the exact nature of the sensitive information involved.
However, previous laptops stolen from the HSE have included detailed, unencrypted social worker notes on families; financial data; extensive staff personal information that could be used for identity theft; and patient medical records.
The figures come after a string of internal HSE audits obtained by this newspaper repeatedly raised concerns over the security measures in place at hospitals and health service offices across the country.
They also follow previous revelations that as many as 55 HSE laptops, USB sticks, and smartphones were stolen or lost between late 2004 and the end of 2008.
After the initial difficulties emerged, then HSE CEO Prof Brendan Drumm made an “explicit” commitment that all computer equipment used would be encrypted to prevent highly sensitive information falling into the wrong hands.
The HSE came in for further criticism over the matter in mid-2009 when it failed to inform the Data Protection Commissioner that 15 laptops had been stolen from health service offices in Roscommon.
The watchdog instead only learned of the crisis after reports in the media.
A spokesperson for the commissioner was unable to confirm whether the HSE had told the office of the subsequent 69 data breaches at the time of going to press.
Irish Patients’ Association chairman Stephen McMahon said the latest breaches were unacceptable.
“Somebody needs to be held accountable. Considering the previous assurances given in 2008, this is totally unacceptable.
“And there’s an even bigger question in all of this; has the lost information been backed up, or do we have black holes involving patient files?”
* 69 HSE laptops, USB sticks, and smartphones have been lost or stolen since the start of 2009.
* 61 were regarded as stolen — 21 in 2009, four in 2010, 19 in 2011 and 17 last year.
* 51 had sensitive data.
* 20 were not encrypted.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
