Thousands hit by East Sussex Healthcare Trust data breach

Conquest Hospital, Hastings. SUS-150615-132822001
Conquest Hospital, Hastings. SUS-150615-132822001

Hospital papers have revealed the confidential details of more than 3,500 patients were discovered on an unencrypted data stick.

The incident was discussed at an East Sussex Healthcare Trust board meeting on September 30, which oversees Conquest Hospital in Hastings and the Eastbourne DGH.

The trust sent letters of apology to patients after the stick was discovered by a member of the public behind the Conquest Hospital in St Leonards in June.

In a report, Alice Webster, director of nursing at the trust, said: “The memory stick was retrieved by the head of governance and further investigation revealed that the stick was the property of one of the trust’s consultants and contained information of 3,634 patients.

“Some of this pertained to patients from other trusts and private patients.”

The information on the stick contained information about where patients lived and included diagnosis and treatments. The information about patients had been kept for an audit and also contained responses to patient complaints.

So far, 23 patients have logged a formal complaint and eight have taken legal advice and action.

The trust said the data stick was ‘safely destroyed’ and the data extracted from the stick is now password protected and stored on the system.

Richard Sunley, acting chief executive said: “The stick was unencrypted. There is a disciplinary process around the loss of that data stick.

“I unreservedly apologise to all patients whose date was on that stick.”

An investigation discovered there had ‘clearly’ been a breach of policy, adding the stick – which had not been supplied by the trust – was not ‘safe’.

Vanessa Harris, director of finance, said: “Our policies were all in place. Staff are advised how to save data using passwords.”

The stick was discovered by Mel Simpkinson, of New Moorsite, Westfield, who took it home thinking it was someone’s treasured photographs.

But she was shocked to find patients’ private records instead when she plugged the USB stick into her laptop computer.

Speaking at the time, Mel said: “I am baffled someone could mislay such information like this.

“How could this even happen?”

Yvonne Clark, from Battle, also received a letter telling her she had cancer from the hospital in May, which turned out to be a mistake and was also sent to 850 other people.

“What the heck was it doing out of the hospital?” she said. I couldn’t believe it and only a few weeks after the cancer letter.”

The trust is now making sure staff know patient information should never be stored in any format other than a secure trust computer or drive, making sure unencrypted data sticks cannot be used on staff computers.

Alice Webster added there is now mandatory training.

However she said she could not comment on the ongoing disciplinary process.

Don’t miss out on all the latest breaking news where you live.

Here are four ways you can be sure you’ll be amongst the first to know what’s going on.

1) Make our website your homepage at www.hastingsobserver.co.uk/ 2) Like our Facebook page at www.facebook.com/hastingsobserver

3) Follow us on Twitter @HastingsObs

4) Register with us by clicking on ‘sign in’ (top right corner). You can then receive our daily newsletter AND add your point of view to stories that you read here.

And do share with your family and friends - so they don’t miss out!

The Hastings Observer - always the first with your local news.

Be part of it.