Loss of NHS Digital devices almost doubles in a year

More than 1,000 devices were either lost or stolen from government departments between April 2019 and March 2020, of which 139 devices went missing from the Department for Education (up 50% on the previous year) and 35 from NHS Digital (almost double on the previous year).

The Department for Business, Energy and Industrial Strategy misplaced a total of 193 devices, while the House of Commons confirmed a total of 38 devices had been lost or stolen, 14 of which were lost on public transport. Just nine of the total number were recovered.

These findings, obtained through Freedom of Information requests by USB manufacturer Apricorn, highlight ongoing data security risks at a time of heightened fears around privacy, location tracking and data misuse following the delayed launch of the NHS track and trace app.

Commenting on the numbers, Jon Fielding, managing director for EMEA at Apricorn, said that public sector organisations, which are responsible for high volumes of sensitive data, must recognise that compliance and security demand ongoing effort.

"At a time when so many employees are working remotely, policies must be enforced and employees educated on the importance of keeping data secure whether in the office or on the move,” he explained.

In other findings, HMRC reported 375 devices lost or stolen between July 2019 and June 2020, including 218 mobile devices, 132 Microsoft Surface Pro tablets, 12 laptop computers and 13 USB memory sticks. Of those 13 USB devices, just 5 were encrypted.

The Home Office’s Annual Report and Accounts 2019-20 disclosed the loss of 2,404 inadequately protected electronic equipment, devices or paper documents from outside secured government premises, and a further 946 from within secured government premises. Additionally, it reported the loss of 11 inadequately protected electronic equipment, devices or paper documents from inside and outside secured government premises that had to be notified to the Information Commissioner’s Office during the 2019-20 reporting period.

“For government departments such as the Home Office and HMRC, that are responsible for sensitive data and intellectual property of countless tax payers, corporate approved, hardware encrypted storage devices should be provided as standard," Fielding added. "Encryption is a must to ensure that, whether these devices are lost, stolen or forgotten, the data on them is unintelligible should they fall into the wrong hands. Businesses must accept the need for digitisation and the benefits it delivers to storing documents, online backups, document management and remote working. The process is faster, more efficient and, ultimately, safer than offline equivalents.”

    Share Story:

Recent Stories

Your people and the pandemic: Are you doing enough?
Employee health, well-being and security have always been a vital part of risk management, and as organisations seek ways to ensure a smooth, successful and sustainable return to operations amid the evolving environment, careful consideration has to be given to all these areas, and quickly. Published August 2020

Responding to COVID-19: A safe and secure return to work
Learn more from the experts that worked on the recovery of the Diamond Princess. Published July 2020