Laptops containing the private and medical details of more than 7,000 Birmingham NHS patients have been stolen, prompting a massive security alert.
Surgical firm Trulife, which is used by four hospitals – Birmingham Children’s Hospital; City Hospital, in Winson Green; Sandwell Hospital, in West Bromwich; and Rowley Regis Hospital – has revealed that three computers are missing.
One of them was taken after being left in a car by an employee, while another was snatched during a mugging.
None of the information on the missing laptops had been encrypted.
Between 3,000 and 3,500 Children’s Hospital patients are affected, plus a further 3,633 patients from City, Sandwell and Rowley Regis.
Apologetic letters are to be sent out from Trulife explaining that private details are now in the hands of strangers.
The first laptop went missing at the premises of a Birmingham hospital in March 2006, a second was stolen in a mugging in March 2007 and the third was stolen after being left in a Trulife employee’s car in February last year.
Patient Yvonne Dass, aged 53, from Edgbaston, said she was appalled.
“The letter says Trulife is truly sorry but that does not explain why it has taken so long to let people know that such personal information is in the hands of a stranger, who could use it for the wrong reasons,” she said.
A Trulife spokeswoman said although the laptops were password protected they had not been encrypted, and only contained “basic information” of name, address, date of birth, hospital number and orthotics appliance prescription.
“The laptops did not contain any other information about patients’ personal circumstances – medical, financial, personal or social,” she added.
Alan Taman, of Birmingham Children’s Hospital, said: “Trulife informed us at the end of May about the potential loss of data related to our patients and we immediately instigated an internal investigation to ascertain the nature of the data loss and the risks that our patients were exposed to.
“The investigation traced the data loss to the theft of a Trulife laptop in February last year and contained information on between 3,000 to 3,500 of our patients. No sensitive information related to patient health was held by Trulife, nor did they generate any.
“We are working with Trulife to identify those patients affected and will be writing to them directly.”
A spokesman for Sandwell and West Birmingham Trust, which runs the other three hospitals, said: “Trulife has written to 3,633 of the Trust’s patients on July 14 and, to date, Trulife has received 59 calls to its helpline.
“Trulife provided surgical orthotics appliances – for patients with bone illnesses – at the Trust until March last year. The orthotics service is now provided in-house. Hospital chiefs were informed about the laptops in June this year and instructed Trulife to write to all patients affected by the data loss to inform them of the incident.”