Loss of NHS Digital devices almost doubles in a year

More than 1,000 devices were either lost or stolen from government departments between April 2019 and March 2020, of which 139 devices went missing from the Department for Education (up 50% on the previous year) and 35 from NHS Digital (almost double on the previous year).

The Department for Business, Energy and Industrial Strategy misplaced a total of 193 devices, while the House of Commons confirmed a total of 38 devices had been lost or stolen, 14 of which were lost on public transport. Just nine of the total number were recovered.

These findings, obtained through Freedom of Information requests by USB manufacturer Apricorn, highlight ongoing data security risks at a time of heightened fears around privacy, location tracking and data misuse following the delayed launch of the NHS track and trace app.

Commenting on the numbers, Jon Fielding, managing director for EMEA at Apricorn, said that public sector organisations, which are responsible for high volumes of sensitive data, must recognise that compliance and security demand ongoing effort.

"At a time when so many employees are working remotely, policies must be enforced and employees educated on the importance of keeping data secure whether in the office or on the move,” he explained.

In other findings, HMRC reported 375 devices lost or stolen between July 2019 and June 2020, including 218 mobile devices, 132 Microsoft Surface Pro tablets, 12 laptop computers and 13 USB memory sticks. Of those 13 USB devices, just 5 were encrypted.

The Home Office’s Annual Report and Accounts 2019-20 disclosed the loss of 2,404 inadequately protected electronic equipment, devices or paper documents from outside secured government premises, and a further 946 from within secured government premises. Additionally, it reported the loss of 11 inadequately protected electronic equipment, devices or paper documents from inside and outside secured government premises that had to be notified to the Information Commissioner’s Office during the 2019-20 reporting period.

“For government departments such as the Home Office and HMRC, that are responsible for sensitive data and intellectual property of countless tax payers, corporate approved, hardware encrypted storage devices should be provided as standard," Fielding added. "Encryption is a must to ensure that, whether these devices are lost, stolen or forgotten, the data on them is unintelligible should they fall into the wrong hands. Businesses must accept the need for digitisation and the benefits it delivers to storing documents, online backups, document management and remote working. The process is faster, more efficient and, ultimately, safer than offline equivalents.”

    Share Story:

Recent Stories


Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks.

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021

Advertisement